Creating a firewall in AWS Network Firewall
Create a firewall in Network Firewall to start using the protections you've defined in a firewall policy to protect a VPC.
To follow this procedure, the VPC that you want to protect must have at least one subnet available to host a firewall endpoint. For information, see VPC subnets.
To create a firewall through the console

- Sign in to the AWS Management Console and open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
- In the navigation pane, under Network Firewall, choose Firewalls.
- Choose Create firewall.
- Enter a Name to identify this firewall.
  Note
  You can't change the name after you create the firewall.
- (Optional) Enter a Description for the firewall to help you identify it among your other resources.
- Choose Next.
- Choose your VPC from the dropdown list.
  Note
  You can't change the VPC after you create the firewall.
- For Firewall subnets, choose the Availability Zones and subnets that you want to use for your firewall endpoints. You can choose at most one subnet in each Availability Zone that your VPC spans. Use subnets that are dedicated to Network Firewall and don't place workloads in them: the firewall can't inspect traffic to or from resources that sit in its own endpoint subnet. For more information, see VPC subnets.
- Choose Next.
- (Optional) Under Protection against changes, enable Deletion protection and Subnet change protection to guard the firewall against accidental deletion or subnet changes. Under Customer managed key, toggle Customize encryption settings to encrypt your resources with an AWS Key Management Service customer managed key. For more information about this option, see Encryption at rest with AWS Key Management Service.
- Choose Next.
- For Associate firewall policy, choose the firewall policy that you want to associate with the firewall. If you already have a firewall policy defined, select it. Otherwise, you can associate an empty policy; you must name it here, and that name can't be changed later. If you associate an empty policy, Network Firewall creates the policy and you can define its rules and other settings by following the procedure at Creating a firewall policy.
- Choose Next.
- (Optional) Under Add tags - optional, assign key-value tags to your firewall. For information about tagging your AWS resources, see Tagging AWS Network Firewall resources.
- Choose Create firewall.
Your new firewall is added to the list in the Firewalls page.
Perform the following additional steps to finish configuring your new firewall and start using it to filter your network traffic. Until the route tables send traffic through the firewall endpoints, the firewall inspects nothing.

- Configure the associated firewall policy, if it's not configured already. For information, see Firewall policies in AWS Network Firewall.
- Optionally update your firewall to configure logging for your firewall. For information, see Logging network traffic from AWS Network Firewall.
- Configure your VPC route tables to send traffic through the firewall endpoints. For information, see VPC route table configuration for AWS Network Firewall.
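The same procedure (create the firewall with one dedicated subnet per Availability Zone, protection against changes on, optional customer managed key) followed by the route table step, done with the boto3 equivalents of the console actions. This is an added example and not AWS's own code; the VPC, subnet, route table, key and policy identifiers are constructed placeholders, and the `describe_firewall` response embedded at the end is constructed to match the shape of the real API output so the helpers can be exercised offline. boto3 is imported only inside the function that actually calls AWS.

```python
"""Create a Network Firewall firewall and route traffic through its endpoints.

Added example, not AWS's own code. Assumes one dedicated firewall subnet per
AZ, an existing firewall policy ARN and one workload route table per AZ; every
ID and ARN below is a constructed placeholder.
"""
import time


def build_subnet_mappings(subnets_by_az):
    """Build the SubnetMappings list for CreateFirewall from (az, subnet_id) pairs.

    The console allows at most one firewall subnet per Availability Zone, so a
    second subnet in the same AZ is rejected instead of being silently dropped.
    """
    if not subnets_by_az:
        raise ValueError("at least one firewall subnet is required")
    seen_azs, mappings = set(), []
    for az, subnet_id in subnets_by_az:
        if az in seen_azs:
            raise ValueError(f"more than one firewall subnet in {az}")
        seen_azs.add(az)
        mappings.append({"SubnetId": subnet_id})
    return mappings


def build_create_firewall_request(name, vpc_id, policy_arn, subnets_by_az,
                                  description=None, kms_key_id=None):
    """Parameters for NetworkFirewall.create_firewall.

    Deletion protection and subnet change protection are on by default here
    (the console's 'Protection against changes'); the policy association is
    left changeable so rules can be iterated without recreating the firewall.
    """
    params = {
        "FirewallName": name,
        "FirewallPolicyArn": policy_arn,
        "VpcId": vpc_id,
        "SubnetMappings": build_subnet_mappings(subnets_by_az),
        "DeleteProtection": True,
        "SubnetChangeProtection": True,
        "FirewallPolicyChangeProtection": False,
    }
    if description:
        params["Description"] = description
    if kms_key_id:  # customer managed key (the console's 'Customize encryption settings')
        params["EncryptionConfiguration"] = {"Type": "CUSTOMER_KMS", "KeyId": kms_key_id}
    return params


def endpoint_ids_by_az(describe_response):
    """Map each AZ to its firewall endpoint ID from a DescribeFirewall response.

    Endpoint IDs live under FirewallStatus.SyncStates.<az>.Attachment and are
    only usable as route targets once the firewall status is READY.
    """
    status = describe_response["FirewallStatus"]
    if status["Status"] != "READY":
        raise RuntimeError(f"firewall is {status['Status']}, not READY")
    return {az: state["Attachment"]["EndpointId"]
            for az, state in status["SyncStates"].items()}


def wait_for_endpoints(nfw, name, timeout=900, interval=15):
    """Poll describe_firewall until the firewall is READY, then return the AZ map."""
    deadline = time.monotonic() + timeout
    while True:
        resp = nfw.describe_firewall(FirewallName=name)
        if resp["FirewallStatus"]["Status"] == "READY":
            return endpoint_ids_by_az(resp)
        if time.monotonic() > deadline:
            raise TimeoutError(f"firewall {name} not READY after {timeout}s")
        time.sleep(interval)


def create_firewall_and_routes(request, route_tables_by_az, region="us-east-1"):
    """Create the firewall, then point each workload route table's default route
    at the endpoint in the same AZ, so traffic stays zonal and never crosses AZs."""
    import boto3  # lazy import: only needed when actually calling AWS

    nfw = boto3.client("network-firewall", region_name=region)
    ec2 = boto3.client("ec2", region_name=region)
    nfw.create_firewall(**request)
    endpoints = wait_for_endpoints(nfw, request["FirewallName"])
    for az, rtb_id in route_tables_by_az.items():
        ec2.create_route(RouteTableId=rtb_id, DestinationCidrBlock="0.0.0.0/0",
                         VpcEndpointId=endpoints[az])
    return endpoints


# Constructed DescribeFirewall response, shaped like the real API output.
SAMPLE_DESCRIBE = {"FirewallStatus": {"Status": "READY", "SyncStates": {
    "us-east-1a": {"Attachment": {"SubnetId": "subnet-0aaa", "EndpointId": "vpce-0aaa", "Status": "READY"}},
    "us-east-1b": {"Attachment": {"SubnetId": "subnet-0bbb", "EndpointId": "vpce-0bbb", "Status": "READY"}},
}}}

if __name__ == "__main__":
    req = build_create_firewall_request(
        "prod-egress-fw", "vpc-0123", "arn:aws:network-firewall:us-east-1:123456789012:firewall-policy/egress",
        [("us-east-1a", "subnet-0aaa"), ("us-east-1b", "subnet-0bbb")])
    print(req["SubnetMappings"], endpoint_ids_by_az(SAMPLE_DESCRIBE))
```

Only the workload-side route is shown; the return path (an ingress route table associated with the internet gateway that sends each AZ's workload CIDR back to the same endpoint) is covered by VPC route table configuration for AWS Network Firewall and must be added before the firewall sees both directions of a flow.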