Docs Home
Palo Alto Networks Cloud NGFW for AWS v0.1.1 published on Saturday, Mar 15, 2025 by Pulumi
cloudngfwaws.AccountOnboardingStack
Explore with Pulumi AI
Palo Alto Networks Cloud NGFW for AWS v0.1.1 published on Saturday, Mar 15, 2025 by Pulumi
Resource for Account Onboarding.
Admin Permission Type
Rulestack(forscope="Local")Global Rulestack(forscope="Global")
Create AccountOnboardingStack Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccountOnboardingStack(name: string, args: AccountOnboardingStackArgs, opts?: CustomResourceOptions);@overload
def AccountOnboardingStack(resource_name: str,
args: AccountOnboardingStackArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccountOnboardingStack(resource_name: str,
opts: Optional[ResourceOptions] = None,
external_id: Optional[str] = None,
trusted_account: Optional[str] = None,
cft_role_name: Optional[str] = None,
account_id: Optional[str] = None,
sns_topic_arn: Optional[str] = None,
onboarding_cft: Optional[str] = None,
cloudwatch_log_group: Optional[str] = None,
endpoint_mode: Optional[str] = None,
kinesis_firehose: Optional[str] = None,
decryption_cert: Optional[str] = None,
s3_bucket: Optional[str] = None,
cloudwatch_namespace: Optional[str] = None,
stack_id: Optional[str] = None,
stack_status: Optional[str] = None,
auditlog_group: Optional[str] = None)func NewAccountOnboardingStack(ctx *Context, name string, args AccountOnboardingStackArgs, opts ...ResourceOption) (*AccountOnboardingStack, error)public AccountOnboardingStack(string name, AccountOnboardingStackArgs args, CustomResourceOptions? opts = null)public AccountOnboardingStack(String name, AccountOnboardingStackArgs args)
public AccountOnboardingStack(String name, AccountOnboardingStackArgs args, CustomResourceOptions options)
type: cloudngfwaws:AccountOnboardingStack
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. AccountOnboardingStackArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. AccountOnboardingStackArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. AccountOnboardingStackArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. AccountOnboardingStackArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. AccountOnboardingStackArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var accountOnboardingStackResource = new CloudNgfwAws.AccountOnboardingStack("accountOnboardingStackResource", new()
{
ExternalId = "string",
TrustedAccount = "string",
CftRoleName = "string",
AccountId = "string",
SnsTopicArn = "string",
OnboardingCft = "string",
CloudwatchLogGroup = "string",
EndpointMode = "string",
KinesisFirehose = "string",
DecryptionCert = "string",
S3Bucket = "string",
CloudwatchNamespace = "string",
StackId = "string",
StackStatus = "string",
AuditlogGroup = "string",
});
example, err := cloudngfwaws.NewAccountOnboardingStack(ctx, "accountOnboardingStackResource", &cloudngfwaws.AccountOnboardingStackArgs{
ExternalId: pulumi.String("string"),
TrustedAccount: pulumi.String("string"),
CftRoleName: pulumi.String("string"),
AccountId: pulumi.String("string"),
SnsTopicArn: pulumi.String("string"),
OnboardingCft: pulumi.String("string"),
CloudwatchLogGroup: pulumi.String("string"),
EndpointMode: pulumi.String("string"),
KinesisFirehose: pulumi.String("string"),
DecryptionCert: pulumi.String("string"),
S3Bucket: pulumi.String("string"),
CloudwatchNamespace: pulumi.String("string"),
StackId: pulumi.String("string"),
StackStatus: pulumi.String("string"),
AuditlogGroup: pulumi.String("string"),
})
var accountOnboardingStackResource = new AccountOnboardingStack("accountOnboardingStackResource", AccountOnboardingStackArgs.builder()
.externalId("string")
.trustedAccount("string")
.cftRoleName("string")
.accountId("string")
.snsTopicArn("string")
.onboardingCft("string")
.cloudwatchLogGroup("string")
.endpointMode("string")
.kinesisFirehose("string")
.decryptionCert("string")
.s3Bucket("string")
.cloudwatchNamespace("string")
.stackId("string")
.stackStatus("string")
.auditlogGroup("string")
.build());
account_onboarding_stack_resource = cloudngfwaws.AccountOnboardingStack("accountOnboardingStackResource",
external_id="string",
trusted_account="string",
cft_role_name="string",
account_id="string",
sns_topic_arn="string",
onboarding_cft="string",
cloudwatch_log_group="string",
endpoint_mode="string",
kinesis_firehose="string",
decryption_cert="string",
s3_bucket="string",
cloudwatch_namespace="string",
stack_id="string",
stack_status="string",
auditlog_group="string")
const accountOnboardingStackResource = new cloudngfwaws.AccountOnboardingStack("accountOnboardingStackResource", {
externalId: "string",
trustedAccount: "string",
cftRoleName: "string",
accountId: "string",
snsTopicArn: "string",
onboardingCft: "string",
cloudwatchLogGroup: "string",
endpointMode: "string",
kinesisFirehose: "string",
decryptionCert: "string",
s3Bucket: "string",
cloudwatchNamespace: "string",
stackId: "string",
stackStatus: "string",
auditlogGroup: "string",
});
type: cloudngfwaws:AccountOnboardingStack
properties:
accountId: string
auditlogGroup: string
cftRoleName: string
cloudwatchLogGroup: string
cloudwatchNamespace: string
decryptionCert: string
endpointMode: string
externalId: string
kinesisFirehose: string
onboardingCft: string
s3Bucket: string
snsTopicArn: string
stackId: string
stackStatus: string
trustedAccount: string
AccountOnboardingStack Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccountOnboardingStack resource accepts the following input properties:
- Account
Id stringThis property is required. 
Changes to this property will trigger replacement. - The account IDs
- Cft
Role Name stringThis property is required. Changes to this property will trigger replacement. - Role name to run the account onboarding CFT in each account to be onboarded.
- External
Id stringThis property is required. Changes to this property will trigger replacement. - External Id of the onboarded account
- Onboarding
Cft stringThis property is required. Changes to this property will trigger replacement. - Role name to run the account onboarding CFT in each account to be onboarded.
- Sns
Topic Arn stringThis property is required. Changes to this property will trigger replacement. - SNS topic ARN to publish the role ARNs
- Trusted
Account stringThis property is required. Changes to this property will trigger replacement. - PANW Cloud NGFW trusted account Id
- Auditlog
Group - Audit Log Group Name
- Cloudwatch
Log Group - Cloudwatch Log Group
- Cloudwatch
Namespace - Cloudwatch Namespace
- Decryption
Cert - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- Endpoint
Mode - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- Kinesis
Firehose - Kinesis Firehose for logging
- S3Bucket
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- Stack
Id string - ID of the account onboarding CFT stack
- Stack
Status string - Status of the account onboarding CFT stack.
- Account
Id stringThis property is required. Changes to this property will trigger replacement. - The account IDs
- Cft
Role Name stringThis property is required. Changes to this property will trigger replacement. - Role name to run the account onboarding CFT in each account to be onboarded.
- External
Id stringThis property is required. Changes to this property will trigger replacement. - External Id of the onboarded account
- Onboarding
Cft stringThis property is required. Changes to this property will trigger replacement. - Role name to run the account onboarding CFT in each account to be onboarded.
- Sns
Topic Arn stringThis property is required. Changes to this property will trigger replacement. - SNS topic ARN to publish the role ARNs
- Trusted
Account stringThis property is required. Changes to this property will trigger replacement. - PANW Cloud NGFW trusted account Id
- Auditlog
Group - Audit Log Group Name
- Cloudwatch
Log Group - Cloudwatch Log Group
- Cloudwatch
Namespace - Cloudwatch Namespace
- Decryption
Cert - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- Endpoint
Mode - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- Kinesis
Firehose - Kinesis Firehose for logging
- S3Bucket
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- Stack
Id string - ID of the account onboarding CFT stack
- Stack
Status string - Status of the account onboarding CFT stack.
- account
Id StringThis property is required. Changes to this property will trigger replacement. - The account IDs
- cft
Role Name StringThis property is required. Changes to this property will trigger replacement. - Role name to run the account onboarding CFT in each account to be onboarded.
- external
Id StringThis property is required. Changes to this property will trigger replacement. - External Id of the onboarded account
- onboarding
Cft StringThis property is required. Changes to this property will trigger replacement. - Role name to run the account onboarding CFT in each account to be onboarded.
- sns
Topic Arn StringThis property is required. Changes to this property will trigger replacement. - SNS topic ARN to publish the role ARNs
- trusted
Account StringThis property is required. Changes to this property will trigger replacement. - PANW Cloud NGFW trusted account Id
- auditlog
Group - Audit Log Group Name
- cloudwatch
Log Group - Cloudwatch Log Group
- cloudwatch
Namespace - Cloudwatch Namespace
- decryption
Cert - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint
Mode - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- kinesis
Firehose - Kinesis Firehose for logging
- s3Bucket
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- stack
Id String - ID of the account onboarding CFT stack
- stack
Status String - Status of the account onboarding CFT stack.
- account
Id stringThis property is required. Changes to this property will trigger replacement. - The account IDs
- cft
Role Name stringThis property is required. Changes to this property will trigger replacement. - Role name to run the account onboarding CFT in each account to be onboarded.
- external
Id stringThis property is required. Changes to this property will trigger replacement. - External Id of the onboarded account
- onboarding
Cft stringThis property is required. Changes to this property will trigger replacement. - Role name to run the account onboarding CFT in each account to be onboarded.
- sns
Topic Arn stringThis property is required. Changes to this property will trigger replacement. - SNS topic ARN to publish the role ARNs
- trusted
Account stringThis property is required. Changes to this property will trigger replacement. - PANW Cloud NGFW trusted account Id
- auditlog
Group - Audit Log Group Name
- cloudwatch
Log Group - Cloudwatch Log Group
- cloudwatch
Namespace - Cloudwatch Namespace
- decryption
Cert - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint
Mode - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- kinesis
Firehose - Kinesis Firehose for logging
- s3Bucket
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- stack
Id string - ID of the account onboarding CFT stack
- stack
Status string - Status of the account onboarding CFT stack.
- account_
id strThis property is required. Changes to this property will trigger replacement. - The account IDs
- cft_
role_ name strThis property is required. Changes to this property will trigger replacement. - Role name to run the account onboarding CFT in each account to be onboarded.
- external_
id strThis property is required. Changes to this property will trigger replacement. - External Id of the onboarded account
- onboarding_
cft strThis property is required. Changes to this property will trigger replacement. - Role name to run the account onboarding CFT in each account to be onboarded.
- sns_
topic_ arn strThis property is required. Changes to this property will trigger replacement. - SNS topic ARN to publish the role ARNs
- trusted_
account strThis property is required. Changes to this property will trigger replacement. - PANW Cloud NGFW trusted account Id
- auditlog_
group - Audit Log Group Name
- cloudwatch_
log_ group - Cloudwatch Log Group
- cloudwatch_
namespace - Cloudwatch Namespace
- decryption_
cert - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint_
mode - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- kinesis_
firehose - Kinesis Firehose for logging
- s3_
bucket - S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- stack_
id str - ID of the account onboarding CFT stack
- stack_
status str - Status of the account onboarding CFT stack.
- account
Id StringThis property is required. Changes to this property will trigger replacement. - The account IDs
- cft
Role Name StringThis property is required. Changes to this property will trigger replacement. - Role name to run the account onboarding CFT in each account to be onboarded.
- external
Id StringThis property is required. Changes to this property will trigger replacement. - External Id of the onboarded account
- onboarding
Cft StringThis property is required. Changes to this property will trigger replacement. - Role name to run the account onboarding CFT in each account to be onboarded.
- sns
Topic Arn StringThis property is required. Changes to this property will trigger replacement. - SNS topic ARN to publish the role ARNs
- trusted
Account StringThis property is required. Changes to this property will trigger replacement. - PANW Cloud NGFW trusted account Id
- auditlog
Group - Audit Log Group Name
- cloudwatch
Log Group - Cloudwatch Log Group
- cloudwatch
Namespace - Cloudwatch Namespace
- decryption
Cert - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint
Mode - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- kinesis
Firehose - Kinesis Firehose for logging
- s3Bucket
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- stack
Id String - ID of the account onboarding CFT stack
- stack
Status String - Status of the account onboarding CFT stack.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccountOnboardingStack resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AccountOnboardingStack Resource
Get an existing AccountOnboardingStack resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccountOnboardingStackState, opts?: CustomResourceOptions): AccountOnboardingStack@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
auditlog_group: Optional[str] = None,
cft_role_name: Optional[str] = None,
cloudwatch_log_group: Optional[str] = None,
cloudwatch_namespace: Optional[str] = None,
decryption_cert: Optional[str] = None,
endpoint_mode: Optional[str] = None,
external_id: Optional[str] = None,
kinesis_firehose: Optional[str] = None,
onboarding_cft: Optional[str] = None,
s3_bucket: Optional[str] = None,
sns_topic_arn: Optional[str] = None,
stack_id: Optional[str] = None,
stack_status: Optional[str] = None,
trusted_account: Optional[str] = None) -> AccountOnboardingStackfunc GetAccountOnboardingStack(ctx *Context, name string, id IDInput, state *AccountOnboardingStackState, opts ...ResourceOption) (*AccountOnboardingStack, error)public static AccountOnboardingStack Get(string name, Input<string> id, AccountOnboardingStackState? state, CustomResourceOptions? opts = null)public static AccountOnboardingStack get(String name, Output<String> id, AccountOnboardingStackState state, CustomResourceOptions options)resources: _: type: cloudngfwaws:AccountOnboardingStack get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Account
Id - The account IDs
- Auditlog
Group - Audit Log Group Name
- Cft
Role Name - Role name to run the account onboarding CFT in each account to be onboarded.
- Cloudwatch
Log Group - Cloudwatch Log Group
- Cloudwatch
Namespace - Cloudwatch Namespace
- Decryption
Cert - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- Endpoint
Mode - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- External
Id - External Id of the onboarded account
- Kinesis
Firehose - Kinesis Firehose for logging
- Onboarding
Cft - Role name to run the account onboarding CFT in each account to be onboarded.
- S3Bucket
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- Sns
Topic Arn - SNS topic ARN to publish the role ARNs
- Stack
Id string - ID of the account onboarding CFT stack
- Stack
Status string - Status of the account onboarding CFT stack.
- Trusted
Account - PANW Cloud NGFW trusted account Id
- Account
Id - The account IDs
- Auditlog
Group - Audit Log Group Name
- Cft
Role Name - Role name to run the account onboarding CFT in each account to be onboarded.
- Cloudwatch
Log Group - Cloudwatch Log Group
- Cloudwatch
Namespace - Cloudwatch Namespace
- Decryption
Cert - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- Endpoint
Mode - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- External
Id - External Id of the onboarded account
- Kinesis
Firehose - Kinesis Firehose for logging
- Onboarding
Cft - Role name to run the account onboarding CFT in each account to be onboarded.
- S3Bucket
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- Sns
Topic Arn - SNS topic ARN to publish the role ARNs
- Stack
Id string - ID of the account onboarding CFT stack
- Stack
Status string - Status of the account onboarding CFT stack.
- Trusted
Account - PANW Cloud NGFW trusted account Id
- account
Id - The account IDs
- auditlog
Group - Audit Log Group Name
- cft
Role Name - Role name to run the account onboarding CFT in each account to be onboarded.
- cloudwatch
Log Group - Cloudwatch Log Group
- cloudwatch
Namespace - Cloudwatch Namespace
- decryption
Cert - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint
Mode - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- external
Id - External Id of the onboarded account
- kinesis
Firehose - Kinesis Firehose for logging
- onboarding
Cft - Role name to run the account onboarding CFT in each account to be onboarded.
- s3Bucket
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- sns
Topic Arn - SNS topic ARN to publish the role ARNs
- stack
Id String - ID of the account onboarding CFT stack
- stack
Status String - Status of the account onboarding CFT stack.
- trusted
Account - PANW Cloud NGFW trusted account Id
- account
Id - The account IDs
- auditlog
Group - Audit Log Group Name
- cft
Role Name - Role name to run the account onboarding CFT in each account to be onboarded.
- cloudwatch
Log Group - Cloudwatch Log Group
- cloudwatch
Namespace - Cloudwatch Namespace
- decryption
Cert - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint
Mode - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- external
Id - External Id of the onboarded account
- kinesis
Firehose - Kinesis Firehose for logging
- onboarding
Cft - Role name to run the account onboarding CFT in each account to be onboarded.
- s3Bucket
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- sns
Topic Arn - SNS topic ARN to publish the role ARNs
- stack
Id string - ID of the account onboarding CFT stack
- stack
Status string - Status of the account onboarding CFT stack.
- trusted
Account - PANW Cloud NGFW trusted account Id
- account_
id - The account IDs
- auditlog_
group - Audit Log Group Name
- cft_
role_ name - Role name to run the account onboarding CFT in each account to be onboarded.
- cloudwatch_
log_ group - Cloudwatch Log Group
- cloudwatch_
namespace - Cloudwatch Namespace
- decryption_
cert - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint_
mode - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- external_
id - External Id of the onboarded account
- kinesis_
firehose - Kinesis Firehose for logging
- onboarding_
cft - Role name to run the account onboarding CFT in each account to be onboarded.
- s3_
bucket - S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- sns_
topic_ arn - SNS topic ARN to publish the role ARNs
- stack_
id str - ID of the account onboarding CFT stack
- stack_
status str - Status of the account onboarding CFT stack.
- trusted_
account - PANW Cloud NGFW trusted account Id
- account
Id - The account IDs
- auditlog
Group - Audit Log Group Name
- cft
Role Name - Role name to run the account onboarding CFT in each account to be onboarded.
- cloudwatch
Log Group - Cloudwatch Log Group
- cloudwatch
Namespace - Cloudwatch Namespace
- decryption
Cert - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint
Mode - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- external
Id - External Id of the onboarded account
- kinesis
Firehose - Kinesis Firehose for logging
- onboarding
Cft - Role name to run the account onboarding CFT in each account to be onboarded.
- s3Bucket
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- sns
Topic Arn - SNS topic ARN to publish the role ARNs
- stack
Id String - ID of the account onboarding CFT stack
- stack
Status String - Status of the account onboarding CFT stack.
- trusted
Account - PANW Cloud NGFW trusted account Id
Package Details
- Repository
- cloudngfwaws pulumi/pulumi-cloudngfwaws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudngfwawsTerraform Provider.
Palo Alto Networks Cloud NGFW for AWS v0.1.1 published on Saturday, Mar 15, 2025 by Pulumi