AWS_NF_5
The network firewall helps you protect your VPC. Set subnet change protection to protect against accidental modification of the subnet associations, which might expose a protected subnet.
From Portal:
1. Sign in to the AWS console
2. In the console, select the specific region
3. Navigate to the ‘AWS Network Firewall’ service.
4. In the left pane under ‘Network Firewall’ click on Firewall.
5. Select desired firewall and click on ‘Firewall details’.
6. Go to ‘change protection’ and click on ‘Edit’.
7. Choose ‘enable’ for Subnet change protection option and click ‘save’.
From TF:
resource "aws_networkfirewall_firewall" "example" {
- subnet_change_protection = false
+ subnet_change_protection = true
}
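To catch a regression of the Terraform setting above before it is applied, the following added example (not part of the original page) scans the JSON produced by `terraform show -json` for `aws_networkfirewall_firewall` resources whose planned state does not have `subnet_change_protection = true`. The function name, the sample plan and the resource addresses are constructed for illustration; treating an unset value as disabled is an assumption of this check.

```python
import json

# Constructed sample in the shape of `terraform show -json plan.out` (not real output).
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_networkfirewall_firewall.protected",
         "type": "aws_networkfirewall_firewall",
         "change": {"actions": ["update"], "after": {"subnet_change_protection": True}}},
        {"address": "aws_networkfirewall_firewall.explicit_off",
         "type": "aws_networkfirewall_firewall",
         "change": {"actions": ["create"], "after": {"subnet_change_protection": False}}},
        {"address": "aws_networkfirewall_firewall.unset",
         "type": "aws_networkfirewall_firewall",
         "change": {"actions": ["create"], "after": {"subnet_change_protection": None}}},
        {"address": "aws_networkfirewall_firewall.retired",
         "type": "aws_networkfirewall_firewall",
         "change": {"actions": ["delete"], "after": None}},
        {"address": "aws_vpc.main", "type": "aws_vpc",
         "change": {"actions": ["no-op"], "after": {"cidr_block": "10.0.0.0/16"}}},
    ]
})


def unprotected_firewalls(plan_json: str) -> list[str]:
    """Return addresses of firewalls whose planned state lacks subnet change protection."""
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_networkfirewall_firewall":
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed; nothing left to protect
            continue
        # Only an explicit true passes; false and unset (null) both fail (assumption).
        if after.get("subnet_change_protection") is not True:
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    bad = unprotected_firewalls(text)
    for address in bad:
        print(f"AWS_NF_5 FAIL: {address} has subnet_change_protection disabled")
    sys.exit(1 if bad else 0)
```

Run it with the path to a plan JSON file as the only argument; a non-zero exit status lets a CI job block the apply.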
From Command Line:
In order to set Subnet change protection to TRUE, use the following CLI command:
```
aws network-firewall update-subnet-change-protection --firewall-arn FW_ARN --subnet-change-protection
```
Note: The flag --subnet-change-protection will set the subnet change protection to TRUE.
References:
1. https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateSubnetChangeProtection.html
2. CLI: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/network-firewall/update-subnet-change-protection.html