Deploy Resources (Manually)

Only complete this section if you want to explore how to create AWS Network Firewall from scratch and configure the networking constructs for traffic to pass through the firewall. If you are looking for a pre-configured setup, go to Deploy Resources.

Create infrastructure:

The objective of this activity is to guide you through creating and configuring AWS Network Firewall in the centralized model. It also guides you through creating the appropriate routes in the appropriate route tables so that the desired traffic passes through the firewall for inspection.

To deploy the underlying bare-bones infrastructure, follow the steps below:

Step 1 : Download CloudFormation template:
File Name: anfw-centralized-diy-template-2az.yaml
Purpose: This template deploys the underlying infrastructure (VPCs, internet gateway, subnets, route tables, NAT gateways, transit gateway including transit gateway attachments and route tables) required to create AWS Network Firewall in the centralized model in your selected region. Make sure that the region you have chosen supports AWS Network Firewall.
Template Download: Click to download
Step 2 : Deploy using AWS CloudFormation
  • Click here to open the AWS CloudFormation Console in the us-west-2 region.

  • Select Upload template file, then click Choose file to provide the template downloaded in Step 1. Click Next once done.


  • In Specify stack details, provide a meaningful Stack name and select a single Availability Zone to be used for this workshop. Leave the other parameters as default and press Next.


  • Review and accept the defaults on Configure stack options.
  • On the Review page, at the bottom, acknowledge that IAM resources may be created as part of this stack, as shown in the picture below. Press “Create stack” once ready.


Step 3 : Success

Once all the resources in the template are successfully provisioned, the status of the CloudFormation stack will change to CREATE_COMPLETE, as shown in the picture below. When that happens, move on to Lab 1 to review, verify, and continue.


This template provisions multiple VPCs - ensure that your account is within the VPC Quota limits as defined here.
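
Both pre-deployment checks on this page, the IAM acknowledgement in Step 2 and the VPC quota note above, can be done offline against the downloaded template before pressing "Create stack". The script below is an added example, not part of the workshop material; the sample template, its logical IDs, and the default quota of 5 VPCs per Region are assumptions, so pass your account's actual quota and existing VPC count.

```python
import re
from collections import Counter

# A line scan avoids needing a YAML parser that understands CloudFormation
# short-form tags (!Ref, !Sub). Requiring exactly three "::" segments skips
# parameter types such as AWS::EC2::AvailabilityZone::Name.
TYPE_LINE = re.compile(r"""^\s*Type:\s*['"]?(AWS::\w+::\w+)['"]?\s*(?:#.*)?$""")
DEFAULT_VPC_QUOTA = 5  # assumed default VPCs per Region; check your account


def resource_types(template_text):
    """Count the AWS resource types declared in a CloudFormation template."""
    return Counter(
        m.group(1)
        for line in template_text.splitlines()
        if (m := TYPE_LINE.match(line))
    )


def review(template_text, existing_vpcs=0, vpc_quota=DEFAULT_VPC_QUOTA):
    """Summarise what to verify before acknowledging stack creation."""
    counts = resource_types(template_text)
    new_vpcs = counts.get("AWS::EC2::VPC", 0)
    return {
        # Exactly which IAM resources the acknowledgement checkbox covers
        "iam_resources": {t: n for t, n in counts.items()
                          if t.startswith("AWS::IAM::")},
        "new_vpcs": new_vpcs,
        "within_vpc_quota": existing_vpcs + new_vpcs <= vpc_quota,
    }


# Constructed sample for illustration, NOT the workshop template.
SAMPLE = """\
Parameters:
  AvailabilityZone1:
    Type: AWS::EC2::AvailabilityZone::Name
Resources:
  InspectionVpc:
    Type: AWS::EC2::VPC
  SpokeVpcA:
    Type: AWS::EC2::VPC   # constructed logical ID
  InstanceRole:
    Type: "AWS::IAM::Role"
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
  TransitGateway:
    Type: AWS::EC2::TransitGateway
"""

if __name__ == "__main__":
    print(review(SAMPLE, existing_vpcs=3))
```

To run it against the real file, read `anfw-centralized-diy-template-2az.yaml` into a string and pass it to `review()` together with the number of VPCs already in the target region.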

This template provisions resources across 2 Availability Zones. In a production environment, it is strongly recommended that you use multiple AZs to ensure high availability.

For resources provisioned in personal/work AWS accounts - charges may apply. It is highly encouraged to delete the resources once the workshop is completed.

Follow the steps outlined in 4. Cleanup from the menu on the left to delete all resources provisioned during this lab.