The NGFW is a firewall resource, dedicated to the VPC
you specify, that provide next-generation firewall capabilities.
Upon creation, a NGFW is associated with one or more VPCs. NGFW
endpoints are constructs created—manually or automatically—in each
availability zone in the VPCs you specify. The NGFW applies your
security policy to the traffic received by the NGFW endpoints and
enforces that policy. When creating your NGFW, you must specify
at least one VPC and a local rulestack. Additionally, you must also
specify how and where the associated NGFW endpoints are deployed.