The following rules are included:
# Select every resource in the template whose Type is AWS::NetworkFirewall::Firewall.
# The rules that reference %networkFirewalls only run when this selection is non-empty.
# NOTE(review): AWS::NetworkFirewall::Firewall also has a FirewallPolicyChangeProtection
# property; no rule visible here checks it, so confirm whether it is covered elsewhere.
let networkFirewalls = Resources.*[
    Type == "AWS::NetworkFirewall::Firewall"
]
# Requires DeleteProtection to be present and set to true on every Network Firewall
# resource in the template. The rule is gated on %networkFirewalls being non-empty,
# so it is not evaluated for templates that declare no firewall.
#
# With deletion protection off, the firewall can be deleted by anyone holding the
# delete permission, which removes the inspection point it provides.
#
# NOTE(review): this checks the value written in the template only. A value supplied
# as the string "true" or through an intrinsic function (for example a Ref to a
# parameter) presumably does not equal the literal true and would be reported as
# disabled. Confirm against how your templates set this property.
rule firewall_deletion_protection when %networkFirewalls !empty {
    %networkFirewalls {
        Properties {
            # An omitted property is reported separately: the message treats it as disabled.
            DeleteProtection exists <<DeleteProtection is not configured (i.e. disabled).>>
            # Only compare the value when the property is present, so a missing property
            # produces the message above rather than a second, less specific failure.
            when DeleteProtection exists {
                DeleteProtection == true <<Delete Protection is disabled.>>
            }
        }
    }
}
# Requires SubnetChangeProtection to be present and set to true on every Network
# Firewall resource in the template. The rule is gated on %networkFirewalls being
# non-empty, so it is not evaluated for templates that declare no firewall.
#
# With subnet change protection off, the firewall's subnet associations can be
# altered, which can move or remove the firewall endpoints that traffic is routed through.
#
# NOTE(review): this checks the value written in the template only. A value supplied
# as the string "true" or through an intrinsic function (for example a Ref to a
# parameter) presumably does not equal the literal true and would be reported as
# disabled. Confirm against how your templates set this property.
rule firewall_subnet_change_protection when %networkFirewalls !empty {
    %networkFirewalls {
        Properties {
            # An omitted property is reported separately: the message treats it as disabled.
            SubnetChangeProtection exists <<SubnetChangeProtection is not configured (i.e. disabled).>>
            # Only compare the value when the property is present, so a missing property
            # produces the message above rather than a second, less specific failure.
            when SubnetChangeProtection exists {
                SubnetChangeProtection == true <<Subnet Change Protection is disabled.>>
            }
        }
    }
}