When I create a VPC can I attach a Network Firewall to it upon creation?

0

I'm creating a VPC and I plan to create a config rule to determine if the VPC created has a Network Firewall Attached. I currently have the data I need to extract this from tags.

However, I'm going through the console and it doesn't appear that I can create a VPC and attach a Network Firewall to it upon creation. Browsing through the internet it appears this is done separately in the creation process. I want to confirm if this is the case?

When creating a VPC, is this true?

3 Answers
0

You're correct - you cannot create/attach a Network Firewall to a VPC at VPC creation time. But that's no different to the VPC creation process where the subnets, route tables, NACLs and security groups are all created as separate actions.

You can automate the creation of Network Firewall (as well as all the other VPC components) using CloudFormation or other Infrastructure-as-Code tools.

AWS
Expert
Answered 2 years ago
0

Correct, you can associate a VPC when you create the AWS Network Firewall, as described here.

AWS
Expert
Answered 2 years ago
AWS
Expert
Reviewed 2 years ago
0

Hi,

I assume you will be having AWS Network Firewall for centralized egress. If you have multiple VPCs which are connected via Transit Gateway, please refer to this: https://docs.aws.amazon.com/solutions/latest/firewall-automation-for-network-traffic-on-aws/overview.html.

In simple terms, we cannot associate Network Firewall to VPC for inspection; you can create routes on the VPC route table to route the traffic to Network Firewall for inspection. Of course, we need VPCs when we create Network Firewall, but for inspection we can use VPC route table to send/receive traffic.

AWS
Answered 1 year ago
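
The Config rule planned in the question and the routing point in the last answer can be combined into one check. The Python below is an added example, not code from any of the answers: it reports a VPC as compliant only when a READY firewall exists in that VPC and an active route targets one of its endpoints. Assumptions: the function names and sample IDs are illustrative, a firewall endpoint route is assumed to appear as a `vpce-` value in `GatewayId`, and firewalls in a separate inspection VPC behind a Transit Gateway are not covered.

```python
# Added example. Inputs mirror boto3 network-firewall describe_firewall()
# responses and ec2 describe_route_tables()["RouteTables"].

def firewall_endpoints(desc):
    """Endpoint IDs of one firewall, or an empty set unless it is READY."""
    status = desc.get("FirewallStatus", {})
    if status.get("Status") != "READY":
        return set()
    return {s["Attachment"]["EndpointId"]
            for s in status.get("SyncStates", {}).values()
            if s.get("Attachment", {}).get("EndpointId")}

def evaluate_vpc(vpc_id, firewall_descs, route_tables):
    """Return (compliance, reason) for one VPC."""
    endpoints = set()
    for desc in firewall_descs:
        if desc["Firewall"]["VpcId"] == vpc_id:
            endpoints |= firewall_endpoints(desc)
    if not endpoints:
        return "NON_COMPLIANT", "no READY Network Firewall in this VPC"
    for table in route_tables:
        if table["VpcId"] != vpc_id:
            continue
        for route in table.get("Routes", []):
            # Assumption: a route to a firewall endpoint is reported with the
            # endpoint's vpce- ID in GatewayId.
            if route.get("GatewayId") in endpoints and route.get("State") == "active":
                return "COMPLIANT", "active route to " + route["GatewayId"]
    return "NON_COMPLIANT", "firewall exists but no route sends traffic to it"

# Constructed sample data (IDs are placeholders, not real resources).
SAMPLE_FIREWALLS = [{
    "Firewall": {"FirewallName": "example-fw", "VpcId": "vpc-0aaa"},
    "FirewallStatus": {"Status": "READY", "SyncStates": {
        "us-east-1a": {"Attachment": {"EndpointId": "vpce-0111"}}}},
}]
SAMPLE_ROUTE_TABLES = [
    {"VpcId": "vpc-0aaa", "Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
                                      "GatewayId": "vpce-0111", "State": "active"}]},
    {"VpcId": "vpc-0bbb", "Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
                                      "GatewayId": "igw-0222", "State": "active"}]},
]

if __name__ == "__main__":
    for vpc in ("vpc-0aaa", "vpc-0bbb"):
        print(vpc, evaluate_vpc(vpc, SAMPLE_FIREWALLS, SAMPLE_ROUTE_TABLES))
```

In a custom Config rule, the two inputs would come from the Network Firewall and EC2 describe calls, and the returned pair maps onto the evaluation's compliance type and annotation.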
