@aws-sdk/client-network-firewall


Description

AWS SDK for JavaScript NetworkFirewall Client for Node.js, Browser and React Native.

This is the API Reference for AWS Network Firewall. This guide is for developers who need
detailed information about the Network Firewall API actions, data types, and errors.

• 
  

  The REST API requires you to handle connection details, such as calculating
  signatures, handling request retries, and error handling. For general information
  about using the AWS REST APIs, see AWS APIs.

  
  

  To access Network Firewall using the REST API endpoint:
  https://network-firewall..amazonaws.com
  

  
  


• 
  

  Alternatively, you can use one of the AWS SDKs to access an API that's tailored to
  the programming language or platform that you're using. For more information, see
  AWS SDKs.

  
  


• 
  

  For descriptions of Network Firewall features, including and step-by-step
  instructions on how to use them through the Network Firewall console, see the Network Firewall Developer
  Guide.

  
  

Network Firewall is a stateful, managed, network firewall and intrusion detection and
prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
perimeter of your VPC. This includes filtering traffic going to and coming from an internet
gateway, NAT gateway, or over VPN or AWS Direct Connect. Network Firewall uses rules that are compatible
with Suricata, a free, open source intrusion detection system (IDS) engine.
AWS Network Firewall supports Suricata version 5.0.2. For information about Suricata,
see the Suricata website.

You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
The following are just a few examples:

• 
  

  Allow domains or IP addresses for known AWS service endpoints, such as Amazon S3, and
  block all other forms of traffic.

  
  


• 
  

  Use custom lists of known bad domains to limit the types of domain names that your
  applications can access.

  
  


• 
  

  Perform deep packet inspection on traffic entering or leaving your VPC.

  
  


• 
  

  Use stateful protocol detection to filter protocols like HTTPS, regardless of the
  port used.

  
  

To enable Network Firewall for your VPCs, you perform steps in both Amazon VPC and in
Network Firewall. For information about using Amazon VPC, see Amazon VPC User Guide.

To start using Network Firewall, do the following:

1. 
   

   (Optional) If you don't already have a VPC that you want to protect, create it in
   Amazon VPC.

   
   


2. 
   

   In Amazon VPC, in each Availability Zone where you want to have a firewall endpoint, create a
   subnet for the sole use of Network Firewall.

   
   


3. 
   

   In Network Firewall, create stateless and stateful rule groups,
   to define the components of the network traffic filtering behavior that you want your firewall to have.

   
   


4. 
   

   In Network Firewall, create a firewall policy that uses your rule groups and
   specifies additional default traffic filtering behavior.

   
   


5. 
   

   In Network Firewall, create a firewall and specify your new firewall policy and
   VPC subnets. Network Firewall creates a firewall endpoint in each subnet that you
   specify, with the behavior that's defined in the firewall policy.

   
   


6. 
   

   In Amazon VPC, use ingress routing enhancements to route traffic through the new firewall
   endpoints.

   
   

Installing

To install the this package, simply type add or install @aws-sdk/client-network-firewall
using your favorite package manager:

- npm install @aws-sdk/client-network-firewall
- yarn add @aws-sdk/client-network-firewall
- pnpm add @aws-sdk/client-network-firewall

Getting Started

$3

The AWS SDK is modulized by clients and commands.
To send a request, you only need to import the NetworkFirewallClient and
the commands you need, for example AssociateFirewallPolicyCommand:

``js
// ES5 example
const { NetworkFirewallClient, AssociateFirewallPolicyCommand } = require("@aws-sdk/client-network-firewall");
`

`ts
// ES6+ example
import { NetworkFirewallClient, AssociateFirewallPolicyCommand } from "@aws-sdk/client-network-firewall";
`

$3

To send a request, you:

- Initiate client with configuration (e.g. credentials, region).
- Initiate command with input parameters.
- Call send operation on client with command object as input.
- If you are using a custom http handler, you may call destroy() to close open connections.

`js
// a client can be shared by different commands.
const client = new NetworkFirewallClient({ region: "REGION" });

const params = {
/* input parameters /
};
const command = new AssociateFirewallPolicyCommand(params);
`

#### Async/await

We recommend using await
operator to wait for the promise returned by send operation as follows:

`js
// async/await.
try {
const data = await client.send(command);
// process data.
} catch (error) {
// error handling.
} finally {
// finally.
}
`

Async-await is clean, concise, intuitive, easy to debug and has better error handling
as compared to using Promise chains or callbacks.

#### Promises

You can also use Promise chaining
to execute send operation.

`js
client.send(command).then(
(data) => {
// process data.
},
(error) => {
// error handling.
}
);
`

Promises can also be called using .catch() and .finally() as follows:

`js
client
.send(command)
.then((data) => {
// process data.
})
.catch((error) => {
// error handling.
})
.finally(() => {
// finally.
});
`

#### Callbacks

We do not recommend using callbacks because of callback hell,
but they are supported by the send operation.

`js
// callbacks.
client.send(command, (err, data) => {
// process err and data.
});
`

#### v2 compatible style

The client can also send requests using v2 compatible style.
However, it results in a bigger bundle size and may be dropped in next major version. More details in the blog post
on modular packages in AWS SDK for JavaScript

`ts
import * as AWS from "@aws-sdk/client-network-firewall";
const client = new AWS.NetworkFirewall({ region: "REGION" });

// async/await.
try {
const data = await client.associateFirewallPolicy(params);
// process data.
} catch (error) {
// error handling.
}

// Promises.
client
.associateFirewallPolicy(params)
.then((data) => {
// process data.
})
.catch((error) => {
// error handling.
});

// callbacks.
client.associateFirewallPolicy(params, (err, data) => {
// process err and data.
});
`

$3

When the service returns an exception, the error will include the exception information,
as well as response metadata (e.g. request id).

`js
try {
const data = await client.send(command);
// process data.
} catch (error) {
const { requestId, cfId, extendedRequestId } = error.$metadata;
console.log({ requestId, cfId, extendedRequestId });
/**
* The keys within exceptions are also parsed.
* You can access them by specifying exception names:
* if (error.name === 'SomeServiceException') {
* const value = error.specialKeyInException;
* }
*/
}
`

Getting Help

Please use these community resources for getting help.
We use the GitHub issues for tracking bugs and feature requests, but have limited bandwidth to address them.

- Visit Developer Guide
or API Reference.
- Check out the blog posts tagged with aws-sdk-js
on AWS Developer Blog.
- Ask a question on StackOverflow and tag it with aws-sdk-js.
- Join the AWS JavaScript community on gitter.
- If it turns out that you may have found a bug, please open an issue.

To test your universal JavaScript code in Node.js, browser and react-native environments,
visit our code samples repo.

Contributing

This client code is generated automatically. Any modifications will be overwritten the next time the @aws-sdk/client-network-firewall` package is updated.
To contribute to client you can check our generate clients scripts.

License

This SDK is distributed under the
Apache License, Version 2.0,
see LICENSE for more information.