This rule set contains the following CloudFormation Guard rules, each evaluated against every `AWS::NetworkFirewall::Firewall` resource in the template:

  • Deletion Protection Enabled — `DeleteProtection` must be present and `true`
  • Subnet Change Protection Enabled — `SubnetChangeProtection` must be present and `true`

# Select every Network Firewall resource in the template; the rules below
# are evaluated once per matching resource and skipped when none exist.
# NOTE(review): only DeleteProtection and SubnetChangeProtection are checked
# by the rules below; FirewallPolicyChangeProtection is not covered here —
# confirm whether that is intentional.
let networkFirewalls = Resources.*[ Type == "AWS::NetworkFirewall::Firewall" ]

# Deletion Protection Enabled: a firewall must explicitly set
# DeleteProtection to true. A missing property is reported as a distinct
# failure from an explicit false so the two cases are distinguishable in
# the guard output. Only evaluated when the template declares at least one
# firewall; otherwise the rule is SKIP.
# NOTE(review): a value supplied via Ref/Fn::If is not a literal `true` and
# will be reported as "disabled" — confirm templates set this as a literal.
rule firewall_deletion_protection when %networkFirewalls !empty {
    %networkFirewalls {
        # Presence check first: an absent flag is reported as unconfigured.
        Properties.DeleteProtection exists <<DeleteProtection is not configured (i.e. disabled).>>
        # Value check only runs when the flag is present, to avoid a second
        # message for the same omission.
        when Properties.DeleteProtection exists {
            Properties.DeleteProtection == true <<Delete Protection is disabled.>>
        }
    }
}


# Subnet Change Protection Enabled: a firewall must explicitly set
# SubnetChangeProtection to true so its subnet associations cannot be
# changed without first clearing the flag. A missing property and an
# explicit false produce separate messages. Only evaluated when the
# template declares at least one firewall; otherwise the rule is SKIP.
# NOTE(review): a value supplied via Ref/Fn::If is not a literal `true` and
# will be reported as "disabled" — confirm templates set this as a literal.
rule firewall_subnet_change_protection when %networkFirewalls !empty {
    %networkFirewalls {
        # Presence check first: an absent flag is reported as unconfigured.
        Properties.SubnetChangeProtection exists <<SubnetChangeProtection is not configured (i.e. disabled).>>
        # Value check only runs when the flag is present, to avoid a second
        # message for the same omission.
        when Properties.SubnetChangeProtection exists {
            Properties.SubnetChangeProtection == true <<Subnet Change Protection is disabled.>>
        }
    }
}

