Ensure that Deletion Protection safety feature is enabled for your Amazon VPC network firewalls in order to protect the firewalls from being accidentally deleted. By default, Deletion Protection is disabled for VPC network firewalls.
AWS Network Firewall is a stateful, managed network firewall and intrusion detection service that enables you to inspect and filter traffic to, from, or between your Virtual Private Clouds (VPCs). With AWS Network Firewall it is easy to deploy network protection (including protection from common network threats) for your Amazon VPC networks. With the Deletion Protection safety feature enabled, your network firewalls cannot be accidentally deleted, which ensures that your Amazon Virtual Private Clouds remain protected by the associated firewalls.
Audit
To determine if your Amazon VPC network firewalls are protected against accidental deletion, perform the following actions:
Note: Inspecting VPC network firewalls for deletion protection using the AWS Management Console is not currently supported.
Remediation / Resolution
To enable the Deletion Protection safety feature for your Amazon Virtual Private Cloud (VPC) network firewalls, perform the following actions:
Note: Enabling deletion protection for VPC network firewalls using the AWS Management Console is not currently supported.
References
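The audit and remediation steps above both go through the AWS CLI, since the console does not expose this setting. The following script is an added example written for this page; it is not Trend Micro / Conformity code and not the page's own procedure. It assumes the AWS CLI v2 is installed and that the active credentials may call `network-firewall:ListFirewalls`, `network-firewall:DescribeFirewall` and `network-firewall:UpdateFirewallDeleteProtection`. The AWS calls only run when `AUDIT_REGION` is set; the parsing helpers work offline on `describe-firewall` output, and the two sample JSON documents are constructed for illustration.

```shell
#!/usr/bin/env sh
# Added example (not the rule page's own code). Assumes AWS CLI v2 and credentials
# permitted to list/describe Network Firewalls and update their delete protection.
# The live AWS commands are only executed when AUDIT_REGION is set.

# Extract the DeleteProtection flag ("true" or "false") from the JSON printed by
# `aws network-firewall describe-firewall`; prints nothing when the key is absent.
delete_protection_flag() {
  printf '%s\n' "$1" \
    | grep -oE '"DeleteProtection"[[:space:]]*:[[:space:]]*(true|false)' \
    | grep -oE '(true|false)$' \
    | head -n 1
}

# Return 0 when the firewall described by $1 has deletion protection enabled,
# 1 otherwise (a missing key counts as unprotected, which is the AWS default).
is_delete_protected() {
  [ "$(delete_protection_flag "$1")" = "true" ]
}

# List every Network Firewall name in a region, optionally limited to the VPC IDs
# passed as further arguments (for example, IDs taken from `aws ec2 describe-vpcs`).
list_firewall_names() {
  region="$1"; shift
  if [ "$#" -gt 0 ]; then
    aws network-firewall list-firewalls --region "$region" --vpc-ids "$@" \
      --query 'Firewalls[].FirewallName' --output text
  else
    aws network-firewall list-firewalls --region "$region" \
      --query 'Firewalls[].FirewallName' --output text
  fi
}

# Audit: print one line per firewall with its state; return 1 if any is unprotected.
audit_firewalls() {
  region="$1"; shift
  rc=0
  for name in $(list_firewall_names "$region" "$@"); do
    json="$(aws network-firewall describe-firewall --region "$region" --firewall-name "$name")"
    if is_delete_protected "$json"; then
      printf '%s\tDeleteProtection=true\n' "$name"
    else
      printf '%s\tDeleteProtection=false  <- NON-COMPLIANT\n' "$name"
      rc=1
    fi
  done
  return "$rc"
}

# Remediation: enable the Deletion Protection flag for one firewall.
enable_delete_protection() {
  aws network-firewall update-firewall-delete-protection \
    --region "$1" --firewall-name "$2" --delete-protection
}

# Constructed sample describe-firewall output, trimmed to the fields used here.
SAMPLE_PROTECTED='{"Firewall": {"FirewallName": "example-fw-a", "DeleteProtection": true}}'
SAMPLE_UNPROTECTED='{"Firewall": {"FirewallName": "example-fw-b", "DeleteProtection": false}}'

# Run the audit only when a region is supplied:  AUDIT_REGION=us-east-1 sh audit.sh
if [ -n "${AUDIT_REGION:-}" ]; then
  audit_firewalls "$AUDIT_REGION"
fi
```

Run it with `AUDIT_REGION=<region> sh audit.sh` to list firewalls and flag those with `DeleteProtection=false`; then call `enable_delete_protection <region> <firewall-name>` for each flagged firewall. The non-zero exit status from `audit_firewalls` makes the script usable as a compliance gate in a pipeline.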
- AWS Documentation
- AWS Network Firewall FAQs
- AWS Network Firewall
- Getting started with AWS Network Firewall
- Firewalls in AWS Network Firewall
- Firewall settings
- AWS Command Line Interface (CLI) Documentation
- ec2
- describe-vpcs
- network-firewall
- list-firewalls
- describe-firewall
- update-firewall-delete-protection