SQS Messaging Between the Application Template and Firewall
Post a message to the SQS URL so that the Lambda function in the firewall
template learns about a new network load balancer.
The firewall-v2.0.template includes a Lambda function that monitors an
Amazon Simple Queue Service (SQS) queue for messages, so that the VM-Series
firewalls it deploys can detect the network load balancers to which you
want incoming traffic distributed and send traffic to them. A message on
the queue lets the Lambda function learn about a new network load balancer;
the function then automatically creates a NAT policy rule on the firewall
that sends traffic to the IP address of that network load balancer. For
the traffic to be routed correctly within the AWS infrastructure, the
message must also carry basic information about the load balancer: its
DNS name, the VPC ID, and the Availability Zone(s) in which it is deployed.
If you are building your own application template, it must post two
types of messages to the SQS URL that the firewall template in the
VM-Series auto scaling template version 2.0 uses to learn about the network
load balancers to which the firewalls must distribute traffic in your
environment:
ADD-NLB: informs the firewalls that a new network load balancer is
available.
DEL-NLB: informs the firewalls that a network load balancer has been
terminated and is no longer available.
The following examples of each message type include sample values.
You must modify these messages with values that match your deployment.
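The snippet below is an added example, not code from the VM-Series templates and not the page's own message samples. It builds an ADD-NLB and a DEL-NLB message, validates them the way a consumer that turns them into NAT rules should, and posts them to the queue. The JSON field names (MSG-TYPE, NLB-NAME, DNS-NAME, VPC-ID, AVAIL-ZONES, ZONE-NAME, SUBNET-ID, NLB-IP), the queue URL and every sample value are assumptions chosen to carry the information the page says the message must contain; check them against the message samples in your version of the template before use. The RecordingSqs class stands in for boto3's SQS client so the file runs offline.

```python
"""Post ADD-NLB / DEL-NLB messages to the firewall template's SQS queue.

Added example; not code from the VM-Series templates. Field names and
sample values are assumptions, not taken from the page.
"""
import ipaddress
import json
import re

MSG_ADD_NLB = "ADD-NLB"   # a new network load balancer is available
MSG_DEL_NLB = "DEL-NLB"   # a network load balancer was terminated

# Old 8-hex-digit and new 17-hex-digit VPC identifiers.
_VPC_ID_RE = re.compile(r"^vpc-[0-9a-f]{8}([0-9a-f]{9})?$")


def build_add_nlb_message(nlb_name, dns_name, vpc_id, zones):
    """Return the ADD-NLB body as a dict (assumed field names).

    `zones` holds one entry per Availability Zone the NLB is deployed in,
    each a dict with "zone", "subnet_id" and "nlb_ip" (the NLB's IP there).
    """
    if not zones:
        raise ValueError("ADD-NLB needs at least one Availability Zone entry")
    return {
        "MSG-TYPE": MSG_ADD_NLB,
        "NLB-NAME": nlb_name,
        "DNS-NAME": dns_name,
        "VPC-ID": vpc_id,
        "AVAIL-ZONES": [
            {"ZONE-NAME": z["zone"], "SUBNET-ID": z["subnet_id"], "NLB-IP": z["nlb_ip"]}
            for z in zones
        ],
    }


def build_del_nlb_message(dns_name):
    """Return the DEL-NLB body; the DNS name identifies the NLB being removed."""
    return {"MSG-TYPE": MSG_DEL_NLB, "DNS-NAME": dns_name}


def validate_message(body):
    """Parse a raw SQS body and check it before anyone acts on it.

    Returns the parsed dict or raises ValueError. A consumer that creates
    firewall NAT rules from these messages must not trust the body blindly.
    """
    try:
        msg = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"body is not JSON: {exc}") from None
    if not isinstance(msg, dict):
        raise ValueError("body is not a JSON object")
    kind = msg.get("MSG-TYPE")
    if kind not in (MSG_ADD_NLB, MSG_DEL_NLB):
        raise ValueError(f"unknown MSG-TYPE {kind!r}")
    if not isinstance(msg.get("DNS-NAME"), str) or not msg["DNS-NAME"]:
        raise ValueError("DNS-NAME missing")
    if kind == MSG_ADD_NLB:
        if not _VPC_ID_RE.match(str(msg.get("VPC-ID", ""))):
            raise ValueError("VPC-ID missing or malformed")
        zones = msg.get("AVAIL-ZONES")
        if not isinstance(zones, list) or not zones:
            raise ValueError("AVAIL-ZONES must be a non-empty list")
        for z in zones:
            for key in ("ZONE-NAME", "SUBNET-ID", "NLB-IP"):
                if key not in z:
                    raise ValueError(f"zone entry lacks {key}")
            ipaddress.ip_address(z["NLB-IP"])  # ValueError if not an IP literal
    return msg


def is_valid_message(body):
    """Boolean form of validate_message for callers that only need yes/no."""
    try:
        validate_message(body)
        return True
    except ValueError:
        return False


def post_message(sqs_client, queue_url, message):
    """Serialize and send `message`; `sqs_client` is a boto3 SQS client or any
    object with the same send_message(QueueUrl=..., MessageBody=...) signature."""
    body = json.dumps(message)
    validate_message(body)  # never enqueue something the consumer would reject
    resp = sqs_client.send_message(QueueUrl=queue_url, MessageBody=body)
    return resp["MessageId"]


class RecordingSqs:
    """Constructed stand-in for boto3.client("sqs") so this file runs offline."""

    def __init__(self):
        self.sent = []  # (queue_url, body) pairs in send order

    def send_message(self, QueueUrl, MessageBody):
        self.sent.append((QueueUrl, MessageBody))
        return {"MessageId": f"local-{len(self.sent)}"}


# Constructed sample values; replace them with the ones from your deployment.
QUEUE_URL = "https://sqs.us-east-2.amazonaws.com/123456789012/fw-nlb-queue"
SAMPLE_DNS = "app-nlb-0123456789abcdef.elb.us-east-2.amazonaws.com"
SAMPLE_VPC = "vpc-0123456789abcdef0"
SAMPLE_ZONES = [
    {"zone": "us-east-2a", "subnet_id": "subnet-0a1b2c3d4e5f60001", "nlb_ip": "192.168.2.101"},
    {"zone": "us-east-2b", "subnet_id": "subnet-0a1b2c3d4e5f60002", "nlb_ip": "192.168.12.101"},
]


def demo():
    """Post one ADD-NLB and one DEL-NLB message; return the parsed bodies sent."""
    client = RecordingSqs()
    post_message(client, QUEUE_URL, build_add_nlb_message("app-nlb", SAMPLE_DNS, SAMPLE_VPC, SAMPLE_ZONES))
    post_message(client, QUEUE_URL, build_del_nlb_message(SAMPLE_DNS))
    return [validate_message(body) for _, body in client.sent]


if __name__ == "__main__":
    for m in demo():
        print(json.dumps(m, indent=2))
```

In a real application template, pass `boto3.client("sqs")` to `post_message` instead of `RecordingSqs`. Because every message on this queue can cause a NAT rule to be created on the firewalls, treat the queue as a control channel: restrict `sqs:SendMessage` on it to the application template's role through the queue policy and IAM, and keep the consumer-side validation even when you trust the producer.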