Create an AWS Network Firewall Endpoint in Terraform
How to create an AWS Network Firewall endpoint in Terraform
When I was reading the docs about how to set up AWS Network Firewall, e.g.
- https://docs.aws.amazon.com/network-firewall/latest/developerguide/how-it-works.html
- https://docs.aws.amazon.com/network-firewall/latest/developerguide/arch-two-zone-igw.html
they show that you need a “firewall endpoint” in each firewall subnet. From experience, when the docs name a component like that there is usually a corresponding Terraform resource you have to create (which I expected would link to the firewall itself via some reference).
For AWS Network Firewall endpoints (after I wasted a fair amount of time searching for it 🤦), this turns out not to be the case…
In fact, they are created automatically/implicitly by the aws_networkfirewall_firewall resource: one endpoint for each subnet listed in a subnet_mapping block, placed in that subnet (and therefore in that subnet's availability zone).
```hcl
resource "aws_networkfirewall_firewall" "example" {
  name                = "example"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.example.arn
  vpc_id              = aws_vpc.example.id

  # One subnet_mapping block per firewall subnet (one subnet per AZ). AWS
  # creates a firewall endpoint in each of these subnets; there is no separate
  # endpoint resource to declare.
  #
  # aws_subnet.firewall is assumed to be declared with count, so the splat
  # yields a list of subnet IDs. The list is iterated directly rather than
  # wrapped in toset(): on a fresh apply the IDs are not known until the
  # subnets are created, and Terraform cannot build a set from unknown values
  # at plan time, whereas a list of known length is fine.
  dynamic "subnet_mapping" {
    for_each = aws_subnet.firewall[*].id
    content {
      subnet_id = subnet_mapping.value
    }
  }

  tags = {
    Tag1 = "Value1"
    Tag2 = "Value2"
  }
}
```
The endpoint IDs are exposed as computed attributes of the same resource (only after apply), which is what you need when you write routes that send traffic through the firewall:
```hcl
locals {
  # firewall_status is a single-element list. Its sync_states set holds one
  # entry per AZ, and each entry's attachment list describes the endpoint
  # created in that AZ's firewall subnet.
  endpoint_ids = flatten(aws_networkfirewall_firewall.example.firewall_status[*].sync_states[*].attachment[*])[*].endpoint_id
}
```
See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/networkfirewall_firewall for how to access the attributes of aws_networkfirewall_firewall (firewall_status, sync_states, attachment, endpoint_id).
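Using those endpoint IDs in route tables, as an added example that is not part of the original post. It assumes the aws_vpc.example and aws_networkfirewall_firewall.example resources from above plus an aws_internet_gateway.example; the protected subnets, route tables, and the var.protected_subnets map (constructed sample AZs and CIDRs) are hypothetical names introduced here. It goes slightly beyond the post by building the AZ-to-endpoint map rather than a flat list, because each subnet must route through the endpoint in its own AZ.

```hcl
# Added example, not from the original post. Assumes aws_vpc.example,
# aws_networkfirewall_firewall.example and aws_internet_gateway.example exist.
variable "protected_subnets" {
  # Constructed sample values: AZ => CIDR of the workload subnet in that AZ.
  type = map(string)
  default = {
    "eu-west-1a" = "10.0.10.0/24"
    "eu-west-1b" = "10.0.11.0/24"
  }
}

locals {
  # The endpoints only exist after the firewall is created, so read them back
  # from firewall_status, keyed by the AZ of the subnet each one was placed in.
  firewall_endpoint_by_az = {
    for state in aws_networkfirewall_firewall.example.firewall_status[0].sync_states :
    state.availability_zone => state.attachment[0].endpoint_id
  }
}

# Hypothetical workload subnets, one per AZ, whose traffic must be inspected.
resource "aws_subnet" "protected" {
  for_each          = var.protected_subnets
  vpc_id            = aws_vpc.example.id
  availability_zone = each.key
  cidr_block        = each.value
}

resource "aws_route_table" "protected" {
  for_each = var.protected_subnets
  vpc_id   = aws_vpc.example.id
}

resource "aws_route_table_association" "protected" {
  for_each       = var.protected_subnets
  subnet_id      = aws_subnet.protected[each.key].id
  route_table_id = aws_route_table.protected[each.key].id
}

# Default route of each protected subnet points at the firewall endpoint in the
# SAME AZ. Keying for_each on var.protected_subnets (known at plan time) and
# reading the endpoint ID only as a value avoids the "for_each keys cannot be
# determined until apply" error you would get by keying on firewall_status.
# If no endpoint exists for an AZ the lookup fails the apply, rather than
# silently leaving that subnet without an inspected path.
resource "aws_route" "protected_default_via_firewall" {
  for_each               = var.protected_subnets
  route_table_id         = aws_route_table.protected[each.key].id
  destination_cidr_block = "0.0.0.0/0"
  vpc_endpoint_id        = local.firewall_endpoint_by_az[each.key]
}

# Return path: a route table edge-associated with the internet gateway sends
# traffic destined for each protected subnet back through the endpoint in that
# subnet's AZ, so inbound flows are inspected too (the two-zone IGW
# architecture from the AWS docs linked above).
resource "aws_route_table" "ingress" {
  vpc_id = aws_vpc.example.id
}

resource "aws_route" "ingress_via_firewall" {
  for_each               = var.protected_subnets
  route_table_id         = aws_route_table.ingress.id
  destination_cidr_block = each.value
  vpc_endpoint_id        = local.firewall_endpoint_by_az[each.key]
}

resource "aws_route_table_association" "ingress" {
  gateway_id     = aws_internet_gateway.example.id
  route_table_id = aws_route_table.ingress.id
}
```

The firewall subnets themselves still need their own route table with 0.0.0.0/0 to the internet gateway, otherwise traffic leaves the endpoint with nowhere to go. Keep the AZ pairing strict: sending a subnet's traffic to an endpoint in another AZ works, but it adds cross-AZ cost and, if that AZ fails, takes the subnet offline with it.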