Firewall-as-Code

Cloud NGFW for AWS
Learn how to use firewall-as-code for your Cloud NGFW resource.
Where Can I Use This?
  • Cloud NGFW for AWS

What Do I Need?
  • Cloud NGFW subscription
  • Palo Alto Networks Customer Support Account (CSP)
  • AWS Marketplace account
  • User role (either tenant or administrator)
Cloud NGFW for AWS supports firewall-as-code. This includes support for Terraform, an open-source tool you can use to define, manage, and version infrastructure resources using configuration files. As an infrastructure-as-code tool, Terraform enables you to automate cloud and on-premises resources by defining them in configuration files that you can reuse, share, and version to:
  • reduce costs by minimizing redundant workflows.
  • reduce risk by standardizing how infrastructure is codified and reused.
  • use automation to reduce the time it takes to deploy your Cloud NGFW resource.
  • improve reliability by ensuring that your Cloud NGFW resources are provisioned and configured as declared by the Terraform configuration files.
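As an added example of what firewall-as-code looks like for a Cloud NGFW resource (this snippet is not from the original page or from Palo Alto Networks), the following Terraform configuration declares a local rulestack with best-practice security profiles, one explicit and logged allow rule, and the commit that pushes the rulestack live. It assumes the PaloAltoNetworks/cloudngfwaws Terraform provider; the resource and attribute names follow that provider's documentation and should be checked against the version you pin, and the account ID, role ARN, endpoint and CIDR are placeholders.

```hcl
terraform {
  required_providers {
    cloudngfwaws = {
      source = "PaloAltoNetworks/cloudngfwaws"
    }
  }
}

# Endpoint and role ARN are placeholders; API keys are supplied outside
# the versioned file (environment or a separate, unversioned tfvars file).
provider "cloudngfwaws" {
  host    = "api.us-east-1.aws.cloudngfw.paloaltonetworks.com"
  region  = "us-east-1"
  lra_arn = "arn:aws:iam::123456789012:role/PLACEHOLDER-LocalRulestackAdmin"
}

# Rulestack with best-practice profiles: every firewall that attaches to it
# inherits the same threat-prevention baseline, reviewable in version control.
resource "cloudngfwaws_rulestack" "web" {
  name        = "web-tier-rulestack"
  scope       = "Local"
  account_id  = "123456789012" # placeholder AWS account
  description = "Managed by Terraform; change the code, not the console"

  profile_config {
    anti_spyware  = "BestPractice"
    vulnerability = "BestPractice"
  }
}

# One explicit, logged allow rule; anything it does not match is left to the
# rulestack's default handling, so the policy diff in a pull request is small.
resource "cloudngfwaws_security_rule" "allow_web" {
  rulestack = cloudngfwaws_rulestack.web.name
  rule_list = "LocalRule"
  priority  = 10
  name      = "allow-web-from-vpc"

  source {
    cidrs = ["10.0.0.0/16"] # constructed example VPC range
  }
  destination {
    cidrs = ["any"]
  }
  category {}
  application = ["web-browsing", "ssl"]
  protocol    = "any"
  action      = "Allow"
  logging     = true
}

# Nothing takes effect until the rulestack is committed.
resource "cloudngfwaws_commit_rulestack" "web" {
  rulestack = cloudngfwaws_rulestack.web.name
}
```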
In addition to Terraform support, your Cloud NGFW resource also supports AWS CloudFormation. CloudFormation is a service provided by AWS that helps you model and configure your AWS resources by creating a template that describes all of the AWS resources that you use (for example, an Amazon EC2 instance). With the CloudFormation template, you don't need to individually create and configure your AWS resources. The template does the work for you. Specifically, it:
  • simplifies infrastructure management by using a template to describe all of the resources (for example, an auto scaling group or an elastic load balancer) and their properties.
  • replicates your infrastructure, which allows you to reuse your CloudFormation template in a consistent and repeatable manner. Describe your resources using the template once, then provision the same resources over and over across multiple regions.
  • controls and tracks changes to your deployments by supporting situations like incremental upgrades. For example, an upgrade may have introduced unforeseen performance issues. Manually rolling back your infrastructure to the original settings would require familiarity with which resources changed and with the original settings. The CloudFormation template, written as an easy-to-read text file, makes changes to your infrastructure visible by clearly identifying revisions. And, when coupled with a version control system, you know exactly when and where changes were made, and by whom.