Only complete this section if you want to explore how to create AWS Network Firewall from scratch and configure the networking constructs that let traffic pass through the firewall. If you are looking for a pre-configured setup, go to Deploy Resources.
The objective of this activity is to guide you through creating and configuring AWS Network Firewall in the centralized model. It also guides you through creating the routes, in the appropriate route tables, that send the desired traffic through the firewall for inspection.
To deploy the underlying bare-bones infrastructure, follow the steps below:
| File Name | Purpose | Template Download |
|---|---|---|
| anfw-centralized-diy-template-2az.yaml | This template deploys the underlying infrastructure (VPCs, internet gateway, subnets, route tables, NAT gateways, and a transit gateway with its attachments and route tables) required to create AWS Network Firewall in the centralized model in your selected region. Make sure that the region you have chosen supports AWS Network Firewall. | Click to download |
Click here to open AWS CloudFormation Console in
Under Upload template file, click on Choose file to provide the template downloaded in Step-1. Click Next once done.
On the Specify stack details page, provide a meaningful Stack name and select a single Availability Zone to be used for this workshop. Leave the other parameters as default and press Next.
Configure stack options.
On the Review page, at the bottom, acknowledge that IAM resources may be created as part of this stack, as shown in the picture below. Press “Create stack” once ready.
Once all the resources in the template are successfully provisioned, the status of the CloudFormation stack will change to CREATE_COMPLETE, as shown in the picture below. When that happens, move to Lab 1 to review and verify the deployment, then continue.
This template provisions multiple VPCs - ensure that your account is within the VPC Quota limits as defined here.
This template provisions resources across 2 Availability Zones. In a production environment, it is strongly recommended that you use multiple AZs to ensure high availability.
For resources provisioned in personal/work AWS accounts, charges may apply. It is highly encouraged to delete the resources once the workshop is completed.
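Before pressing “Create stack”, it helps to confirm what the downloaded template will actually create, since the steps above ask you to acknowledge IAM resources and to stay within the VPC quota. The following pre-flight check is an added example, not part of the workshop or its template: the sample template is constructed, the function names are hypothetical, the scan assumes block-style YAML with one `Type:` per line, and the quota default of 5 is the AWS default of VPCs per Region, so pass your account's real value.

```python
import re
from collections import Counter

# Constructed sample for illustration; NOT the workshop's template.
SAMPLE_TEMPLATE = """\
Parameters:
  AvailabilityZone1:
    Type: AWS::EC2::AvailabilityZone::Name   # parameter type, not a resource
Resources:
  SpokeVpcA:
    Type: AWS::EC2::VPC
  SpokeVpcB:
    Type: "AWS::EC2::VPC"
  InspectionVpc:
    Type: AWS::EC2::VPC
  TransitGateway:
    Type: AWS::EC2::TransitGateway
  InstanceRole:
    Type: AWS::IAM::Role
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
"""

# Resource types have exactly three "::"-separated parts; anchoring the end of
# the line keeps four-part parameter types out of the count.
RESOURCE_TYPE = re.compile(
    r"""^\s+Type:\s*['"]?(AWS::\w+::\w+)['"]?\s*(?:#.*)?$""")

def resource_types(template_text):
    """Count the resource types declared in a CloudFormation YAML template."""
    matches = (RESOURCE_TYPE.match(line) for line in template_text.splitlines())
    return Counter(m.group(1) for m in matches if m)

def preflight(template_text, vpcs_in_use, vpc_quota=5):
    """Summarise what to verify before creating the stack."""
    types = resource_types(template_text)
    new_vpcs = types["AWS::EC2::VPC"]
    iam = sorted(t for t in types if t.startswith("AWS::IAM::"))
    return {
        "new_vpcs": new_vpcs,
        "vpc_quota_ok": vpcs_in_use + new_vpcs <= vpc_quota,
        "iam_resource_types": iam,  # review these before acknowledging
        "needs_iam_acknowledgement": bool(iam),
    }

if __name__ == "__main__":
    print(preflight(SAMPLE_TEMPLATE, vpcs_in_use=1))
```

To check the real file, read `anfw-centralized-diy-template-2az.yaml` into a string and pass it to `preflight` together with the number of VPCs already present in the target region.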
Follow the steps outlined in 4. Cleanup from the menu on the left to delete all resources provisioned during this lab.