Resource: aws_networkfirewall_resource_policy

Provides an AWS Network Firewall Resource Policy Resource for a rule group or firewall policy.

Example Usage

For a Firewall Policy resource

resource "aws_networkfirewall_resource_policy" "example" {
  resource_arn = aws_networkfirewall_firewall_policy.example.arn
  # policy's Action element must include all of the following operations
  policy = jsonencode({
    Statement = [{
      Action = [
        "network-firewall:ListFirewallPolicies",
        "network-firewall:CreateFirewall",
        "network-firewall:UpdateFirewall",
        "network-firewall:AssociateFirewallPolicy"
      ]
      Effect   = "Allow"
      Resource = aws_networkfirewall_firewall_policy.example.arn
      Principal = {
        AWS = "arn:aws:iam::123456789012:root"
      }
    }]
    Version = "2012-10-17"
  })
}

For a Rule Group resource

resource "aws_networkfirewall_resource_policy" "example" {
  resource_arn = aws_networkfirewall_rule_group.example.arn
  # policy's Action element must include all of the following operations
  policy = jsonencode({
    Statement = [{
      Action = [
        "network-firewall:ListRuleGroups",
        "network-firewall:CreateFirewallPolicy",
        "network-firewall:UpdateFirewallPolicy"
      ]
      Effect   = "Allow"
      Resource = aws_networkfirewall_rule_group.example.arn
      Principal = {
        AWS = "arn:aws:iam::123456789012:root"
      }
    }]
    Version = "2012-10-17"
  })
}
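
An added example, not part of the provider documentation: a Python lint for the rendered policy JSON that checks the Action sets from the two examples above and that Resource equals resource_arn, so an incomplete policy is caught before apply. The function names, the sample policy, and the firewall-policy ARN segment are assumptions; only the stateful-rulegroup ARN form appears on this page.

```python
import json

# Required actions per resource type, copied from the two examples on this page.
REQUIRED_ACTIONS = {
    "firewall-policy": {
        "network-firewall:ListFirewallPolicies",
        "network-firewall:CreateFirewall",
        "network-firewall:UpdateFirewall",
        "network-firewall:AssociateFirewallPolicy",
    },
    "rulegroup": {
        "network-firewall:ListRuleGroups",
        "network-firewall:CreateFirewallPolicy",
        "network-firewall:UpdateFirewallPolicy",
    },
}

def as_list(value):
    """Policy JSON allows a single string or object where a list is expected."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def resource_kind(resource_arn):
    """Map the ARN's resource-type segment (assumed layout) to a REQUIRED_ACTIONS key."""
    parts = resource_arn.split(":", 5)
    rtype = parts[5].split("/", 1)[0] if len(parts) == 6 else ""
    return "rulegroup" if rtype.endswith("-rulegroup") else rtype

def lint_policy(resource_arn, policy_json):
    """Return a list of findings; an empty list means every check passed."""
    required = REQUIRED_ACTIONS.get(resource_kind(resource_arn))
    if required is None:
        return ["resource_arn is not a rule group or firewall policy ARN"]
    findings = []
    for n, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        missing = required - set(as_list(stmt.get("Action")))
        if missing:
            findings.append(f"statement {n}: missing {sorted(missing)}")
        if as_list(stmt.get("Resource")) != [resource_arn]:
            findings.append(f"statement {n}: Resource differs from resource_arn")
    return findings

# Constructed sample: a rule group policy that omits UpdateFirewallPolicy.
SAMPLE_ARN = "arn:aws:network-firewall:us-west-1:123456789012:stateful-rulegroup/example"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": SAMPLE_ARN,
    "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
    "Action": ["network-firewall:ListRuleGroups", "network-firewall:CreateFirewallPolicy"]}]})
```

Calling lint_policy(SAMPLE_ARN, SAMPLE_POLICY) reports the missing UpdateFirewallPolicy action; the same function can be run over the policy string taken from terraform show -json output.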

Argument Reference

This resource supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import Network Firewall Resource Policies using the resource_arn. For example:

import {
  to = aws_networkfirewall_resource_policy.example
  id = "arn:aws:network-firewall:us-west-1:123456789012:stateful-rulegroup/example"
}

Using terraform import, import Network Firewall Resource Policies using the resource_arn. For example:

% terraform import aws_networkfirewall_resource_policy.example arn:aws:network-firewall:us-west-1:123456789012:stateful-rulegroup/example