1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
#[allow(missing_docs)] // documentation missing in model
#[non_exhaustive]
#[derive(::std::clone::Clone, ::std::cmp::PartialEq, ::std::fmt::Debug)]
pub struct CreateFirewallInput {
/// <p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p>
pub firewall_name: ::std::option::Option<::std::string::String>,
/// <p>The Amazon Resource Name (ARN) of the <code>FirewallPolicy</code> that you want to use for the firewall.</p>
pub firewall_policy_arn: ::std::option::Option<::std::string::String>,
/// <p>The unique identifier of the VPC where Network Firewall should create the firewall.</p>
/// <p>You can't change this setting after you create the firewall.</p>
pub vpc_id: ::std::option::Option<::std::string::String>,
/// <p>The public subnets to use for your Network Firewall firewalls. Each subnet must belong to a different Availability Zone in the VPC. Network Firewall creates a firewall endpoint in each subnet.</p>
pub subnet_mappings: ::std::option::Option<::std::vec::Vec<crate::types::SubnetMapping>>,
/// <p>A flag indicating whether it is possible to delete the firewall. A setting of <code>TRUE</code> indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to <code>TRUE</code>.</p>
pub delete_protection: ::std::option::Option<bool>,
/// <p>A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to <code>TRUE</code>.</p>
pub subnet_change_protection: ::std::option::Option<bool>,
/// <p>A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to <code>TRUE</code>.</p>
pub firewall_policy_change_protection: ::std::option::Option<bool>,
/// <p>A description of the firewall.</p>
pub description: ::std::option::Option<::std::string::String>,
/// <p>The key:value pairs to associate with the resource.</p>
pub tags: ::std::option::Option<::std::vec::Vec<crate::types::Tag>>,
/// <p>A complex type that contains settings for encryption of your firewall resources.</p>
pub encryption_configuration: ::std::option::Option<crate::types::EncryptionConfiguration>,
/// <p>An optional setting indicating the specific traffic analysis types to enable on the firewall.</p>
pub enabled_analysis_types: ::std::option::Option<::std::vec::Vec<crate::types::EnabledAnalysisType>>,
/// <p>Required when creating a transit gateway-attached firewall. The unique identifier of the transit gateway to attach to this firewall. You can provide either a transit gateway from your account or one that has been shared with you through Resource Access Manager.</p><important>
/// <p>After creating the firewall, you cannot change the transit gateway association. To use a different transit gateway, you must create a new firewall.</p>
/// </important>
/// <p>For information about creating firewalls, see <code>CreateFirewall</code>. For specific guidance about transit gateway-attached firewalls, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tgw-firewall-considerations.html">Considerations for transit gateway-attached firewalls</a> in the <i>Network Firewall Developer Guide</i>.</p>
pub transit_gateway_id: ::std::option::Option<::std::string::String>,
/// <p>Required. The Availability Zones where you want to create firewall endpoints for a transit gateway-attached firewall. You must specify at least one Availability Zone. Consider enabling the firewall in every Availability Zone where you have workloads to maintain Availability Zone isolation.</p>
/// <p>You can modify Availability Zones later using <code>AssociateAvailabilityZones</code> or <code>DisassociateAvailabilityZones</code>, but this may briefly disrupt traffic. The <code>AvailabilityZoneChangeProtection</code> setting controls whether you can make these modifications.</p>
pub availability_zone_mappings: ::std::option::Option<::std::vec::Vec<crate::types::AvailabilityZoneMapping>>,
/// <p>Optional. A setting indicating whether the firewall is protected against changes to its Availability Zone configuration. When set to <code>TRUE</code>, you cannot add or remove Availability Zones without first disabling this protection using <code>UpdateAvailabilityZoneChangeProtection</code>.</p>
/// <p>Default value: <code>FALSE</code></p>
pub availability_zone_change_protection: ::std::option::Option<bool>,
}
impl CreateFirewallInput {
/// <p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p>
pub fn firewall_name(&self) -> ::std::option::Option<&str> {
self.firewall_name.as_deref()
}
/// <p>The Amazon Resource Name (ARN) of the <code>FirewallPolicy</code> that you want to use for the firewall.</p>
pub fn firewall_policy_arn(&self) -> ::std::option::Option<&str> {
self.firewall_policy_arn.as_deref()
}
/// <p>The unique identifier of the VPC where Network Firewall should create the firewall.</p>
/// <p>You can't change this setting after you create the firewall.</p>
pub fn vpc_id(&self) -> ::std::option::Option<&str> {
self.vpc_id.as_deref()
}
/// <p>The public subnets to use for your Network Firewall firewalls. Each subnet must belong to a different Availability Zone in the VPC. Network Firewall creates a firewall endpoint in each subnet.</p>
///
/// If no value was sent for this field, a default will be set. If you want to determine if no value was sent, use `.subnet_mappings.is_none()`.
pub fn subnet_mappings(&self) -> &[crate::types::SubnetMapping] {
self.subnet_mappings.as_deref().unwrap_or_default()
}
/// <p>A flag indicating whether it is possible to delete the firewall. A setting of <code>TRUE</code> indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to <code>TRUE</code>.</p>
pub fn delete_protection(&self) -> ::std::option::Option<bool> {
self.delete_protection
}
/// <p>A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to <code>TRUE</code>.</p>
pub fn subnet_change_protection(&self) -> ::std::option::Option<bool> {
self.subnet_change_protection
}
/// <p>A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to <code>TRUE</code>.</p>
pub fn firewall_policy_change_protection(&self) -> ::std::option::Option<bool> {
self.firewall_policy_change_protection
}
/// <p>A description of the firewall.</p>
pub fn description(&self) -> ::std::option::Option<&str> {
self.description.as_deref()
}
/// <p>The key:value pairs to associate with the resource.</p>
///
/// If no value was sent for this field, a default will be set. If you want to determine if no value was sent, use `.tags.is_none()`.
pub fn tags(&self) -> &[crate::types::Tag] {
self.tags.as_deref().unwrap_or_default()
}
/// <p>A complex type that contains settings for encryption of your firewall resources.</p>
pub fn encryption_configuration(&self) -> ::std::option::Option<&crate::types::EncryptionConfiguration> {
self.encryption_configuration.as_ref()
}
/// <p>An optional setting indicating the specific traffic analysis types to enable on the firewall.</p>
///
/// If no value was sent for this field, a default will be set. If you want to determine if no value was sent, use `.enabled_analysis_types.is_none()`.
pub fn enabled_analysis_types(&self) -> &[crate::types::EnabledAnalysisType] {
self.enabled_analysis_types.as_deref().unwrap_or_default()
}
/// <p>Required when creating a transit gateway-attached firewall. The unique identifier of the transit gateway to attach to this firewall. You can provide either a transit gateway from your account or one that has been shared with you through Resource Access Manager.</p><important>
/// <p>After creating the firewall, you cannot change the transit gateway association. To use a different transit gateway, you must create a new firewall.</p>
/// </important>
/// <p>For information about creating firewalls, see <code>CreateFirewall</code>. For specific guidance about transit gateway-attached firewalls, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tgw-firewall-considerations.html">Considerations for transit gateway-attached firewalls</a> in the <i>Network Firewall Developer Guide</i>.</p>
pub fn transit_gateway_id(&self) -> ::std::option::Option<&str> {
self.transit_gateway_id.as_deref()
}
/// <p>Required. The Availability Zones where you want to create firewall endpoints for a transit gateway-attached firewall. You must specify at least one Availability Zone. Consider enabling the firewall in every Availability Zone where you have workloads to maintain Availability Zone isolation.</p>
/// <p>You can modify Availability Zones later using <code>AssociateAvailabilityZones</code> or <code>DisassociateAvailabilityZones</code>, but this may briefly disrupt traffic. The <code>AvailabilityZoneChangeProtection</code> setting controls whether you can make these modifications.</p>
///
/// If no value was sent for this field, a default will be set. If you want to determine if no value was sent, use `.availability_zone_mappings.is_none()`.
pub fn availability_zone_mappings(&self) -> &[crate::types::AvailabilityZoneMapping] {
self.availability_zone_mappings.as_deref().unwrap_or_default()
}
/// <p>Optional. A setting indicating whether the firewall is protected against changes to its Availability Zone configuration. When set to <code>TRUE</code>, you cannot add or remove Availability Zones without first disabling this protection using <code>UpdateAvailabilityZoneChangeProtection</code>.</p>
/// <p>Default value: <code>FALSE</code></p>
pub fn availability_zone_change_protection(&self) -> ::std::option::Option<bool> {
self.availability_zone_change_protection
}
}
impl CreateFirewallInput {
/// Creates a new builder-style object to manufacture [`CreateFirewallInput`](crate::operation::create_firewall::CreateFirewallInput).
pub fn builder() -> crate::operation::create_firewall::builders::CreateFirewallInputBuilder {
crate::operation::create_firewall::builders::CreateFirewallInputBuilder::default()
}
}
/// A builder for [`CreateFirewallInput`](crate::operation::create_firewall::CreateFirewallInput).
#[derive(::std::clone::Clone, ::std::cmp::PartialEq, ::std::default::Default, ::std::fmt::Debug)]
#[non_exhaustive]
pub struct CreateFirewallInputBuilder {
pub(crate) firewall_name: ::std::option::Option<::std::string::String>,
pub(crate) firewall_policy_arn: ::std::option::Option<::std::string::String>,
pub(crate) vpc_id: ::std::option::Option<::std::string::String>,
pub(crate) subnet_mappings: ::std::option::Option<::std::vec::Vec<crate::types::SubnetMapping>>,
pub(crate) delete_protection: ::std::option::Option<bool>,
pub(crate) subnet_change_protection: ::std::option::Option<bool>,
pub(crate) firewall_policy_change_protection: ::std::option::Option<bool>,
pub(crate) description: ::std::option::Option<::std::string::String>,
pub(crate) tags: ::std::option::Option<::std::vec::Vec<crate::types::Tag>>,
pub(crate) encryption_configuration: ::std::option::Option<crate::types::EncryptionConfiguration>,
pub(crate) enabled_analysis_types: ::std::option::Option<::std::vec::Vec<crate::types::EnabledAnalysisType>>,
pub(crate) transit_gateway_id: ::std::option::Option<::std::string::String>,
pub(crate) availability_zone_mappings: ::std::option::Option<::std::vec::Vec<crate::types::AvailabilityZoneMapping>>,
pub(crate) availability_zone_change_protection: ::std::option::Option<bool>,
}
impl CreateFirewallInputBuilder {
/// <p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p>
/// This field is required.
pub fn firewall_name(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
self.firewall_name = ::std::option::Option::Some(input.into());
self
}
/// <p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p>
pub fn set_firewall_name(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
self.firewall_name = input;
self
}
/// <p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p>
pub fn get_firewall_name(&self) -> &::std::option::Option<::std::string::String> {
&self.firewall_name
}
/// <p>The Amazon Resource Name (ARN) of the <code>FirewallPolicy</code> that you want to use for the firewall.</p>
/// This field is required.
pub fn firewall_policy_arn(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
self.firewall_policy_arn = ::std::option::Option::Some(input.into());
self
}
/// <p>The Amazon Resource Name (ARN) of the <code>FirewallPolicy</code> that you want to use for the firewall.</p>
pub fn set_firewall_policy_arn(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
self.firewall_policy_arn = input;
self
}
/// <p>The Amazon Resource Name (ARN) of the <code>FirewallPolicy</code> that you want to use for the firewall.</p>
pub fn get_firewall_policy_arn(&self) -> &::std::option::Option<::std::string::String> {
&self.firewall_policy_arn
}
/// <p>The unique identifier of the VPC where Network Firewall should create the firewall.</p>
/// <p>You can't change this setting after you create the firewall.</p>
pub fn vpc_id(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
self.vpc_id = ::std::option::Option::Some(input.into());
self
}
/// <p>The unique identifier of the VPC where Network Firewall should create the firewall.</p>
/// <p>You can't change this setting after you create the firewall.</p>
pub fn set_vpc_id(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
self.vpc_id = input;
self
}
/// <p>The unique identifier of the VPC where Network Firewall should create the firewall.</p>
/// <p>You can't change this setting after you create the firewall.</p>
pub fn get_vpc_id(&self) -> &::std::option::Option<::std::string::String> {
&self.vpc_id
}
/// Appends an item to `subnet_mappings`.
///
/// To override the contents of this collection use [`set_subnet_mappings`](Self::set_subnet_mappings).
///
/// <p>The public subnets to use for your Network Firewall firewalls. Each subnet must belong to a different Availability Zone in the VPC. Network Firewall creates a firewall endpoint in each subnet.</p>
pub fn subnet_mappings(mut self, input: crate::types::SubnetMapping) -> Self {
let mut v = self.subnet_mappings.unwrap_or_default();
v.push(input);
self.subnet_mappings = ::std::option::Option::Some(v);
self
}
/// <p>The public subnets to use for your Network Firewall firewalls. Each subnet must belong to a different Availability Zone in the VPC. Network Firewall creates a firewall endpoint in each subnet.</p>
pub fn set_subnet_mappings(mut self, input: ::std::option::Option<::std::vec::Vec<crate::types::SubnetMapping>>) -> Self {
self.subnet_mappings = input;
self
}
/// <p>The public subnets to use for your Network Firewall firewalls. Each subnet must belong to a different Availability Zone in the VPC. Network Firewall creates a firewall endpoint in each subnet.</p>
pub fn get_subnet_mappings(&self) -> &::std::option::Option<::std::vec::Vec<crate::types::SubnetMapping>> {
&self.subnet_mappings
}
/// <p>A flag indicating whether it is possible to delete the firewall. A setting of <code>TRUE</code> indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to <code>TRUE</code>.</p>
pub fn delete_protection(mut self, input: bool) -> Self {
self.delete_protection = ::std::option::Option::Some(input);
self
}
/// <p>A flag indicating whether it is possible to delete the firewall. A setting of <code>TRUE</code> indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to <code>TRUE</code>.</p>
pub fn set_delete_protection(mut self, input: ::std::option::Option<bool>) -> Self {
self.delete_protection = input;
self
}
/// <p>A flag indicating whether it is possible to delete the firewall. A setting of <code>TRUE</code> indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to <code>TRUE</code>.</p>
pub fn get_delete_protection(&self) -> &::std::option::Option<bool> {
&self.delete_protection
}
/// <p>A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to <code>TRUE</code>.</p>
pub fn subnet_change_protection(mut self, input: bool) -> Self {
self.subnet_change_protection = ::std::option::Option::Some(input);
self
}
/// <p>A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to <code>TRUE</code>.</p>
pub fn set_subnet_change_protection(mut self, input: ::std::option::Option<bool>) -> Self {
self.subnet_change_protection = input;
self
}
/// <p>A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to <code>TRUE</code>.</p>
pub fn get_subnet_change_protection(&self) -> &::std::option::Option<bool> {
&self.subnet_change_protection
}
/// <p>A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to <code>TRUE</code>.</p>
pub fn firewall_policy_change_protection(mut self, input: bool) -> Self {
self.firewall_policy_change_protection = ::std::option::Option::Some(input);
self
}
/// <p>A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to <code>TRUE</code>.</p>
pub fn set_firewall_policy_change_protection(mut self, input: ::std::option::Option<bool>) -> Self {
self.firewall_policy_change_protection = input;
self
}
/// <p>A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to <code>TRUE</code>.</p>
pub fn get_firewall_policy_change_protection(&self) -> &::std::option::Option<bool> {
&self.firewall_policy_change_protection
}
/// <p>A description of the firewall.</p>
pub fn description(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
self.description = ::std::option::Option::Some(input.into());
self
}
/// <p>A description of the firewall.</p>
pub fn set_description(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
self.description = input;
self
}
/// <p>A description of the firewall.</p>
pub fn get_description(&self) -> &::std::option::Option<::std::string::String> {
&self.description
}
/// Appends an item to `tags`.
///
/// To override the contents of this collection use [`set_tags`](Self::set_tags).
///
/// <p>The key:value pairs to associate with the resource.</p>
pub fn tags(mut self, input: crate::types::Tag) -> Self {
let mut v = self.tags.unwrap_or_default();
v.push(input);
self.tags = ::std::option::Option::Some(v);
self
}
/// <p>The key:value pairs to associate with the resource.</p>
pub fn set_tags(mut self, input: ::std::option::Option<::std::vec::Vec<crate::types::Tag>>) -> Self {
self.tags = input;
self
}
/// <p>The key:value pairs to associate with the resource.</p>
pub fn get_tags(&self) -> &::std::option::Option<::std::vec::Vec<crate::types::Tag>> {
&self.tags
}
/// <p>A complex type that contains settings for encryption of your firewall resources.</p>
pub fn encryption_configuration(mut self, input: crate::types::EncryptionConfiguration) -> Self {
self.encryption_configuration = ::std::option::Option::Some(input);
self
}
/// <p>A complex type that contains settings for encryption of your firewall resources.</p>
pub fn set_encryption_configuration(mut self, input: ::std::option::Option<crate::types::EncryptionConfiguration>) -> Self {
self.encryption_configuration = input;
self
}
/// <p>A complex type that contains settings for encryption of your firewall resources.</p>
pub fn get_encryption_configuration(&self) -> &::std::option::Option<crate::types::EncryptionConfiguration> {
&self.encryption_configuration
}
/// Appends an item to `enabled_analysis_types`.
///
/// To override the contents of this collection use [`set_enabled_analysis_types`](Self::set_enabled_analysis_types).
///
/// <p>An optional setting indicating the specific traffic analysis types to enable on the firewall.</p>
pub fn enabled_analysis_types(mut self, input: crate::types::EnabledAnalysisType) -> Self {
let mut v = self.enabled_analysis_types.unwrap_or_default();
v.push(input);
self.enabled_analysis_types = ::std::option::Option::Some(v);
self
}
/// <p>An optional setting indicating the specific traffic analysis types to enable on the firewall.</p>
pub fn set_enabled_analysis_types(mut self, input: ::std::option::Option<::std::vec::Vec<crate::types::EnabledAnalysisType>>) -> Self {
self.enabled_analysis_types = input;
self
}
/// <p>An optional setting indicating the specific traffic analysis types to enable on the firewall.</p>
pub fn get_enabled_analysis_types(&self) -> &::std::option::Option<::std::vec::Vec<crate::types::EnabledAnalysisType>> {
&self.enabled_analysis_types
}
/// <p>Required when creating a transit gateway-attached firewall. The unique identifier of the transit gateway to attach to this firewall. You can provide either a transit gateway from your account or one that has been shared with you through Resource Access Manager.</p><important>
/// <p>After creating the firewall, you cannot change the transit gateway association. To use a different transit gateway, you must create a new firewall.</p>
/// </important>
/// <p>For information about creating firewalls, see <code>CreateFirewall</code>. For specific guidance about transit gateway-attached firewalls, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tgw-firewall-considerations.html">Considerations for transit gateway-attached firewalls</a> in the <i>Network Firewall Developer Guide</i>.</p>
pub fn transit_gateway_id(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
self.transit_gateway_id = ::std::option::Option::Some(input.into());
self
}
/// <p>Required when creating a transit gateway-attached firewall. The unique identifier of the transit gateway to attach to this firewall. You can provide either a transit gateway from your account or one that has been shared with you through Resource Access Manager.</p><important>
/// <p>After creating the firewall, you cannot change the transit gateway association. To use a different transit gateway, you must create a new firewall.</p>
/// </important>
/// <p>For information about creating firewalls, see <code>CreateFirewall</code>. For specific guidance about transit gateway-attached firewalls, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tgw-firewall-considerations.html">Considerations for transit gateway-attached firewalls</a> in the <i>Network Firewall Developer Guide</i>.</p>
pub fn set_transit_gateway_id(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
self.transit_gateway_id = input;
self
}
/// <p>Required when creating a transit gateway-attached firewall. The unique identifier of the transit gateway to attach to this firewall. You can provide either a transit gateway from your account or one that has been shared with you through Resource Access Manager.</p><important>
/// <p>After creating the firewall, you cannot change the transit gateway association. To use a different transit gateway, you must create a new firewall.</p>
/// </important>
/// <p>For information about creating firewalls, see <code>CreateFirewall</code>. For specific guidance about transit gateway-attached firewalls, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tgw-firewall-considerations.html">Considerations for transit gateway-attached firewalls</a> in the <i>Network Firewall Developer Guide</i>.</p>
pub fn get_transit_gateway_id(&self) -> &::std::option::Option<::std::string::String> {
&self.transit_gateway_id
}
/// Appends an item to `availability_zone_mappings`.
///
/// To override the contents of this collection use [`set_availability_zone_mappings`](Self::set_availability_zone_mappings).
///
/// <p>Required. The Availability Zones where you want to create firewall endpoints for a transit gateway-attached firewall. You must specify at least one Availability Zone. Consider enabling the firewall in every Availability Zone where you have workloads to maintain Availability Zone isolation.</p>
/// <p>You can modify Availability Zones later using <code>AssociateAvailabilityZones</code> or <code>DisassociateAvailabilityZones</code>, but this may briefly disrupt traffic. The <code>AvailabilityZoneChangeProtection</code> setting controls whether you can make these modifications.</p>
pub fn availability_zone_mappings(mut self, input: crate::types::AvailabilityZoneMapping) -> Self {
let mut v = self.availability_zone_mappings.unwrap_or_default();
v.push(input);
self.availability_zone_mappings = ::std::option::Option::Some(v);
self
}
/// <p>Required. The Availability Zones where you want to create firewall endpoints for a transit gateway-attached firewall. You must specify at least one Availability Zone. Consider enabling the firewall in every Availability Zone where you have workloads to maintain Availability Zone isolation.</p>
/// <p>You can modify Availability Zones later using <code>AssociateAvailabilityZones</code> or <code>DisassociateAvailabilityZones</code>, but this may briefly disrupt traffic. The <code>AvailabilityZoneChangeProtection</code> setting controls whether you can make these modifications.</p>
pub fn set_availability_zone_mappings(mut self, input: ::std::option::Option<::std::vec::Vec<crate::types::AvailabilityZoneMapping>>) -> Self {
self.availability_zone_mappings = input;
self
}
/// <p>Required. The Availability Zones where you want to create firewall endpoints for a transit gateway-attached firewall. You must specify at least one Availability Zone. Consider enabling the firewall in every Availability Zone where you have workloads to maintain Availability Zone isolation.</p>
/// <p>You can modify Availability Zones later using <code>AssociateAvailabilityZones</code> or <code>DisassociateAvailabilityZones</code>, but this may briefly disrupt traffic. The <code>AvailabilityZoneChangeProtection</code> setting controls whether you can make these modifications.</p>
pub fn get_availability_zone_mappings(&self) -> &::std::option::Option<::std::vec::Vec<crate::types::AvailabilityZoneMapping>> {
&self.availability_zone_mappings
}
/// <p>Optional. A setting indicating whether the firewall is protected against changes to its Availability Zone configuration. When set to <code>TRUE</code>, you cannot add or remove Availability Zones without first disabling this protection using <code>UpdateAvailabilityZoneChangeProtection</code>.</p>
/// <p>Default value: <code>FALSE</code></p>
pub fn availability_zone_change_protection(mut self, input: bool) -> Self {
self.availability_zone_change_protection = ::std::option::Option::Some(input);
self
}
/// <p>Optional. A setting indicating whether the firewall is protected against changes to its Availability Zone configuration. When set to <code>TRUE</code>, you cannot add or remove Availability Zones without first disabling this protection using <code>UpdateAvailabilityZoneChangeProtection</code>.</p>
/// <p>Default value: <code>FALSE</code></p>
pub fn set_availability_zone_change_protection(mut self, input: ::std::option::Option<bool>) -> Self {
self.availability_zone_change_protection = input;
self
}
/// <p>Optional. A setting indicating whether the firewall is protected against changes to its Availability Zone configuration. When set to <code>TRUE</code>, you cannot add or remove Availability Zones without first disabling this protection using <code>UpdateAvailabilityZoneChangeProtection</code>.</p>
/// <p>Default value: <code>FALSE</code></p>
pub fn get_availability_zone_change_protection(&self) -> &::std::option::Option<bool> {
&self.availability_zone_change_protection
}
/// Consumes the builder and constructs a [`CreateFirewallInput`](crate::operation::create_firewall::CreateFirewallInput).
pub fn build(
self,
) -> ::std::result::Result<crate::operation::create_firewall::CreateFirewallInput, ::aws_smithy_types::error::operation::BuildError> {
::std::result::Result::Ok(crate::operation::create_firewall::CreateFirewallInput {
firewall_name: self.firewall_name,
firewall_policy_arn: self.firewall_policy_arn,
vpc_id: self.vpc_id,
subnet_mappings: self.subnet_mappings,
delete_protection: self.delete_protection,
subnet_change_protection: self.subnet_change_protection,
firewall_policy_change_protection: self.firewall_policy_change_protection,
description: self.description,
tags: self.tags,
encryption_configuration: self.encryption_configuration,
enabled_analysis_types: self.enabled_analysis_types,
transit_gateway_id: self.transit_gateway_id,
availability_zone_mappings: self.availability_zone_mappings,
availability_zone_change_protection: self.availability_zone_change_protection,
})
}
}