ramramhariram opened this issue 2 years ago
Hey @ramramhariram 👋 Thank you for taking the time to raise this! Regarding the aws_security_group_rule, this is a similar situation as I described in my comment on 25351.
In this case, the aws_networkfirewall_firewall_policy resource uses networkfirewall.CreateFirewallPolicyWithContext to create these resources. This function takes a networkfirewall.CreateFirewallPolicyInput type, which does not have a field for specifying the ARN of an existing network firewall, so we're limited by the underlying API, similar to how we are in the information I gave in the aforementioned comment.
That said, the AWS Go SDK does have a function called networkfirewall.AssociateFirewallPolicy, which I believe may be useful for creating a separate resource (perhaps aws_networkfirewall_firewall_policy_association), similar to what is done with the aws_eip_association resource, so I'd like to leave this request open so that someone from the team or community can take a look and determine if that's a viable option.
In the meantime, if the aws_networkfirewall_firewall resource is being created outside of Terraform, you could define its configuration, import the resource, and then update the firewall_policy_arn argument of that resource definition to point to your aws_networkfirewall_firewall_policy resource to achieve similar functionality.
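The import-then-update workaround described in the comment above, written out as an added example; this is not code from the issue thread or from the provider. The resource names, the VPC and subnet IDs, the region, account ID and firewall ARN are all placeholders, and the `import` block assumes Terraform 1.5 or newer (the older `terraform import` CLI command does the same job).

```hcl
# Added example of the workaround above (not from the issue or the provider).
# All identifiers below are assumed placeholders.

# 1. The policy Terraform should manage. A minimal policy only needs the two
#    stateless default-action lists.
resource "aws_networkfirewall_firewall_policy" "example" {
  name = "example-policy"

  firewall_policy {
    stateless_default_actions          = ["aws:drop"]
    stateless_fragment_default_actions = ["aws:drop"]
  }
}

# 2. A definition that matches the firewall that already exists in the account.
#    name, vpc_id and subnet_mapping must match the live firewall; only
#    firewall_policy_arn is meant to change after the import.
resource "aws_networkfirewall_firewall" "existing" {
  name                = "existing-firewall"              # assumed
  vpc_id              = "vpc-0123456789abcdef0"          # assumed
  firewall_policy_arn = aws_networkfirewall_firewall_policy.example.arn

  subnet_mapping {
    subnet_id = "subnet-0123456789abcdef0"              # assumed
  }
}

# 3. Bring the live firewall under Terraform management. The firewall resource
#    is imported by its ARN (placeholder region/account/name below).
import {
  to = aws_networkfirewall_firewall.existing
  id = "arn:aws:network-firewall:us-east-1:123456789012:firewall/existing-firewall"
}
```

Run `terraform plan` before applying and check that the only change shown for `aws_networkfirewall_firewall.existing` is an in-place update of `firewall_policy_arn`. If the plan proposes destroying and recreating the firewall, the `name`, `vpc_id` or `subnet_mapping` in the definition does not match the live resource and must be corrected first; applying a replacement would interrupt traffic through the firewall.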
Any updates on if this feature will be available in the near future or not? Thanks!
I would like to work on this.
Description
Primary feature request - For AWS network firewall provider, need the ability to attach a firewall policy to an existing firewall within the same resource. For example, while using TF to create a firewall policy, include an option to provide the firewall ARN/ID to which this firewall policy needs to be attached
New or Affected Resource(s)
Resource: aws_networkfirewall_firewall
Resource: aws_networkfirewall_firewall_policy
Potential Terraform Configuration
Option to specify firewall ID/ARN in the firewall policy resource as follows -
References
An existing example is when creating a security group rule, we have the option to specify the security group id.
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule#example-usage
Similar FR - https://github.com/hashicorp/terraform-provider-aws/issues/25351