Manage Cloud NGFW
Add or modify the IAM rules and permission policies that expand or reduce a user's access and permissions. You can also delete a user. Individual users can view their roles and change their name or password as necessary.
Permission Policies
| Action | Local Firewall Administrator | Local Rulestack Administrator | Global Rulestack Administrator |
|---|---|---|---|
| Create a Firewall Resource | ☑ | ☐ | ☐ |
| Delete a Firewall Resource | ☑ | ☐ | ☐ |
| Describe a Firewall Resource | ☑ | ☑ | ☑ |
| List Firewall Resources | ☑ | ☑ | ☑ |
| Update a Firewall Resource Description | ☑ | ☐ | ☐ |
| Update a Firewall Content Version | ☑ | ☐ | ☐ |
| Update a Firewall Resource Subnet Mappings | ☑ | ☐ | ☐ |
List firewall resources
Retrieve all firewalls in the Global Firewall Admin (FMS) account along with their associated firewall policy metadata.
Create firewall resource
Create an AWS Network Firewall by specifying the firewall policy, the subnets in your VPC, and associated tags.
Delete firewall resource
Delete the specified NGFW. Before deleting it, verify that the NGFW is not in use by reviewing the route tables for the Availability Zones where NGFW subnet mappings exist, and update those route tables to remove the NGFW endpoints.
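The route table review described above can be scripted. The following is an added example, not part of the original documentation: it scans route tables in the shape returned by EC2 `DescribeRouteTables` for routes that still target the NGFW's endpoints. All IDs are constructed, and it assumes the NGFW endpoints appear as `vpce-` IDs in a route's target field.

```python
# Constructed DescribeRouteTables-shaped sample; every ID below is made up.
NGFW_ENDPOINTS = ["vpce-0ngfw1111example", "vpce-0ngfw2222example"]
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-0app1111example",
     "Associations": [{"SubnetId": "subnet-0app1111example"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vpce-0ngfw1111example", "State": "active"}]},
    {"RouteTableId": "rtb-0edge2222example",  # edge association: attached to a gateway, not a subnet
     "Associations": [{"GatewayId": "igw-0edge2222example"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.1.0/24", "GatewayId": "vpce-0ngfw2222example", "State": "active"}]},
    {"RouteTableId": "rtb-0db3333example",
     "Associations": [{"Main": True}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
]


def routes_blocking_deletion(route_tables, ngfw_endpoint_ids):
    """Return one finding per route that still targets an NGFW endpoint."""
    endpoints = set(ngfw_endpoint_ids)
    findings = []
    for table in route_tables:
        # A table can be attached to subnets, to a gateway (edge), or be the VPC main table.
        attached = [a.get("SubnetId") or a.get("GatewayId") or "main"
                    for a in table.get("Associations", [])]
        for route in table.get("Routes", []):
            # Assumption: the endpoint ID sits in one of the route's string fields;
            # comparing all of them avoids depending on a single target key.
            hit = endpoints & {v for v in route.values() if isinstance(v, str)}
            if hit:
                findings.append({
                    "route_table": table["RouteTableId"],
                    "destination": route.get("DestinationCidrBlock")
                    or route.get("DestinationIpv6CidrBlock")
                    or route.get("DestinationPrefixListId"),
                    "endpoint": sorted(hit)[0],
                    "attached_to": attached,
                })
    return findings


def safe_to_delete(route_tables, ngfw_endpoint_ids):
    """True only when no route references any of the NGFW's endpoints."""
    return not routes_blocking_deletion(route_tables, ngfw_endpoint_ids)


if __name__ == "__main__":
    for f in routes_blocking_deletion(SAMPLE_ROUTE_TABLES, NGFW_ENDPOINTS):
        print("still routed via {endpoint}: {route_table} {destination} {attached_to}".format(**f))
    print("safe to delete:", safe_to_delete(SAMPLE_ROUTE_TABLES, NGFW_ENDPOINTS))
```

Each finding names the route table and what it is attached to, so the route can be removed or repointed before the NGFW is deleted.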
Retrieve firewall resource
Retrieve the configuration data for a specific NGFW resource.
Update firewall description
Modify the description of a specific NGFW to help identify the firewall during management operations.
Update subnet mappings
Update the subnet IDs associated with an NGFW.