[New Resource]: Firewall Manager Import Network Firewall

[tomhunte]

Description

[New Resource] or update existing to accept type: IMPORT_NETWORK_FIREWALL.****

Requested Resource(s) and/or Data Source(s)

• aws_fms_policy

Potential Terraform Configuration

resource "aws_fms_policy" "nwfw_policy" {
  name                               = "IMPORTED_FIREWALLS"
  delete_all_policy_resources        = true
  delete_unused_fm_managed_resources = true
  description                        = "Imported Firewalls"
  exclude_resource_tags              = false
  remediation_enabled                = true

  resource_type_list = ["AWS::EC2::VPC"]

  include_map {
    account = ["123456789012"]
  }

  exclude_map {
    account = ["098765432109"]
  }

  security_service_policy_data {
    type = "IMPORT_NETWORK_FIREWALL"
    managed_service_data = jsonencode({
      type                                           = "IMPORT_NETWORK_FIREWALL"
      networkFirewallStatelessRuleGroupReferences    = []
      networkFirewallStatelessDefaultActions         = ["aws:pass"]
      networkFirewallStatelessFragmentDefaultActions = ["aws:drop"]
      networkFirewallStatelessCustomActions          = []
      resourceSetIds = [<ARN_OF_RESOURCE_SET_FOR_FIREWALL>]
      networkFirewallStatefulRuleGroupReferences     = {
        "resourceARN": "arn:aws:network-firewall:us-west-2:aws-managed:stateful-rulegroup/AbusedLegitBotNetCommandAndControlDomainsActionOrder",
        "override": null
      },
      networkFirewallStatefulEngineOptions = {
        ruleOrder = "DEFAULT_ACTION_ORDER"
      }
      networkFirewallOrchestrationConfig = {
        singleFirewallEndpointPerVPC = false
        routeManagementAction        = "MONITOR"
        routeManagementTargetTypes   = ["InternetGateway"]
      }
    })
  }
}

References

https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/fms@v1.35.0/types#Policy https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PutPolicy.html https://docs.aws.amazon.com/waf/latest/developerguide/network-firewall-policies.html

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[tomhunte]

I'll take a crack at it.