@aws-sdk/client-network-firewall
Description
AWS SDK for JavaScript NetworkFirewall Client for Node.js, Browser and React Native.
This is the API Reference for AWS Network Firewall. This guide is for developers who need
detailed information about the Network Firewall API actions, data types, and errors.
-
The REST API requires you to handle connection details, such as calculating
signatures, handling request retries, and error handling. For general information
about using the AWS REST APIs, see AWS APIs.
To access Network Firewall using the REST API endpoint:
https://network-firewall..amazonaws.com
-
Alternatively, you can use one of the AWS SDKs to access an API that's tailored to
the programming language or platform that you're using. For more information, see
AWS SDKs.
-
For descriptions of Network Firewall features, including and step-by-step
instructions on how to use them through the Network Firewall console, see the Network Firewall Developer
Guide.
Network Firewall is a stateful, managed, network firewall and intrusion detection and
prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
perimeter of your VPC. This includes filtering traffic going to and coming from an internet
gateway, NAT gateway, or over VPN or AWS Direct Connect. Network Firewall uses rules that are compatible
with Suricata, a free, open source intrusion detection system (IDS) engine. For information about Suricata,
see the Suricata website.
You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
The following are just a few examples:
-
Allow domains or IP addresses for known AWS service endpoints, such as Amazon S3, and
block all other forms of traffic.
-
Use custom lists of known bad domains to limit the types of domain names that your
applications can access.
-
Perform deep packet inspection on traffic entering or leaving your VPC.
-
Use stateful protocol detection to filter protocols like HTTPS, regardless of the
port used.
To enable Network Firewall for your VPCs, you perform steps in both Amazon VPC and in
Network Firewall. For information about using Amazon VPC, see Amazon VPC User Guide.
To start using Network Firewall, do the following:
-
(Optional) If you don't already have a VPC that you want to protect, create it in
Amazon VPC.
-
In Amazon VPC, in each Availability Zone where you want to have a firewall endpoint, create a
subnet for the sole use of Network Firewall.
-
In Network Firewall, create stateless and stateful rule groups,
to define the components of the network traffic filtering behavior that you want your firewall to have.
-
In Network Firewall, create a firewall policy that uses your rule groups and
specifies additional default traffic filtering behavior.
-
In Network Firewall, create a firewall and specify your new firewall policy and
VPC subnets. Network Firewall creates a firewall endpoint in each subnet that you
specify, with the behavior that's defined in the firewall policy.
-
In Amazon VPC, use ingress routing enhancements to route traffic through the new firewall
endpoints.
Installing
To install the this package, simply type add or install @aws-sdk/client-network-firewall
using your favorite package manager:
npm install @aws-sdk/client-network-firewall
yarn add @aws-sdk/client-network-firewall
pnpm add @aws-sdk/client-network-firewall
Getting Started
Import
The AWS SDK is modulized by clients and commands.
To send a request, you only need to import the NetworkFirewallClient
and
the commands you need, for example AssociateFirewallPolicyCommand
:
const { NetworkFirewallClient, AssociateFirewallPolicyCommand } = require("@aws-sdk/client-network-firewall");
import { NetworkFirewallClient, AssociateFirewallPolicyCommand } from "@aws-sdk/client-network-firewall";
Usage
To send a request, you:
- Initiate client with configuration (e.g. credentials, region).
- Initiate command with input parameters.
- Call
send
operation on client with command object as input. - If you are using a custom http handler, you may call
destroy()
to close open connections.
const client = new NetworkFirewallClient({ region: "REGION" });
const params = {
};
const command = new AssociateFirewallPolicyCommand(params);
Async/await
We recommend using await
operator to wait for the promise returned by send operation as follows:
try {
const data = await client.send(command);
} catch (error) {
} finally {
}
Async-await is clean, concise, intuitive, easy to debug and has better error handling
as compared to using Promise chains or callbacks.
Promises
You can also use Promise chaining
to execute send operation.
client.send(command).then(
(data) => {
},
(error) => {
}
);
Promises can also be called using .catch()
and .finally()
as follows:
client
.send(command)
.then((data) => {
})
.catch((error) => {
})
.finally(() => {
});
Callbacks
We do not recommend using callbacks because of callback hell,
but they are supported by the send operation.
client.send(command, (err, data) => {
});
v2 compatible style
The client can also send requests using v2 compatible style.
However, it results in a bigger bundle size and may be dropped in next major version. More details in the blog post
on modular packages in AWS SDK for JavaScript
import * as AWS from "@aws-sdk/client-network-firewall";
const client = new AWS.NetworkFirewall({ region: "REGION" });
try {
const data = await client.associateFirewallPolicy(params);
} catch (error) {
}
client
.associateFirewallPolicy(params)
.then((data) => {
})
.catch((error) => {
});
client.associateFirewallPolicy(params, (err, data) => {
});
Troubleshooting
When the service returns an exception, the error will include the exception information,
as well as response metadata (e.g. request id).
try {
const data = await client.send(command);
} catch (error) {
const { requestId, cfId, extendedRequestId } = error.$metadata;
console.log({ requestId, cfId, extendedRequestId });
}
Getting Help
Please use these community resources for getting help.
We use the GitHub issues for tracking bugs and feature requests, but have limited bandwidth to address them.
To test your universal JavaScript code in Node.js, browser and react-native environments,
visit our code samples repo.
Contributing
This client code is generated automatically. Any modifications will be overwritten the next time the @aws-sdk/client-network-firewall
package is updated.
To contribute to client you can check our generate clients scripts.
License
This SDK is distributed under the
Apache License, Version 2.0,
see LICENSE for more information.