Palo Alto Networks Cloud NGFW for AWS v1.0.0, Oct 8 25

Palo Alto Networks Cloud NGFW for AWS v1.0.0 published on Wednesday, Oct 8, 2025 by Pulumi

cloudngfwaws.getNgfw

Palo Alto Networks Cloud NGFW for AWS v1.0.0 published on Wednesday, Oct 8, 2025 by Pulumi

pulumi/pulumi-cloudngfwaws

Admin Permission Type

Firewall

Example Usage

Example coming soon!

Example coming soon!

Example coming soon!

Example coming soon!

Example coming soon!

variables:
  example:
    fn::invoke:
      function: cloudngfwaws:getNgfw
      arguments:
        name: example-instance

Using getNgfw

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getNgfw(args: GetNgfwArgs, opts?: InvokeOptions): Promise<GetNgfwResult>
function getNgfwOutput(args: GetNgfwOutputArgs, opts?: InvokeOptions): Output<GetNgfwResult>

def get_ngfw(firewall_id: Optional[str] = None,
             opts: Optional[InvokeOptions] = None) -> GetNgfwResult
def get_ngfw_output(firewall_id: Optional[pulumi.Input[str]] = None,
             opts: Optional[InvokeOptions] = None) -> Output[GetNgfwResult]

func LookupNgfw(ctx *Context, args *LookupNgfwArgs, opts ...InvokeOption) (*LookupNgfwResult, error)
func LookupNgfwOutput(ctx *Context, args *LookupNgfwOutputArgs, opts ...InvokeOption) LookupNgfwResultOutput

> Note: This function is named LookupNgfw in the Go SDK.

public static class GetNgfw 
{
    public static Task<GetNgfwResult> InvokeAsync(GetNgfwArgs args, InvokeOptions? opts = null)
    public static Output<GetNgfwResult> Invoke(GetNgfwInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetNgfwResult> getNgfw(GetNgfwArgs args, InvokeOptions options)
public static Output<GetNgfwResult> getNgfw(GetNgfwArgs args, InvokeOptions options)

fn::invoke:
  function: cloudngfwaws:index/getNgfw:getNgfw
  arguments:
    # arguments dictionary

The following arguments are supported:

FirewallId string: The Firewall ID.

FirewallId string: The Firewall ID.

firewallId String: The Firewall ID.

firewallId string: The Firewall ID.

firewall_id str: The Firewall ID.

firewallId String: The Firewall ID.

getNgfw Result

The following output properties are available:

AccountId string: The description.
AllowlistAccounts List<string>: The list of allowed accounts for this NGFW.
AppIdVersion string: App-ID version number.
AutomaticUpgradeAppIdVersion bool: Automatic App-ID upgrade version number.
AzLists List<string>: The list of availability zones for this NGFW.
ChangeProtections List<string>: Enables or disables change protection for the NGFW.
DeploymentUpdateToken string: The update token.
Description string: The NGFW description.
EgressNats List<Pulumi.CloudNgfwAws.Outputs.GetNgfwEgressNat>
EndpointMode string: Set endpoint mode from the following options. Valid values are ServiceManaged or CustomerManaged.
EndpointServiceName string: The endpoint service name.
Endpoints List<Pulumi.CloudNgfwAws.Outputs.GetNgfwEndpoint>
FirewallId string: The Firewall ID.
GlobalRulestack string: The global rulestack for this NGFW.
Id string: The provider-assigned unique ID for this managed resource.
LinkId string: The link ID.
LinkStatus string: The link status.
MultiVpc bool: Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
Name string: The NGFW name.
PrivateAccesses List<Pulumi.CloudNgfwAws.Outputs.GetNgfwPrivateAccess>
Rulestack string: The rulestack for this NGFW.
Statuses List<Pulumi.CloudNgfwAws.Outputs.GetNgfwStatus>
SubnetMappings List<Pulumi.CloudNgfwAws.Outputs.GetNgfwSubnetMapping>: Subnet mappings.
Tags Dictionary<string, string>: The tags.
UpdateToken string: The update token.
UserIds List<Pulumi.CloudNgfwAws.Outputs.GetNgfwUserId>
VpcId string: The VPC ID for the NGFW.

AccountId string: The description.
AllowlistAccounts []string: The list of allowed accounts for this NGFW.
AppIdVersion string: App-ID version number.
AutomaticUpgradeAppIdVersion bool: Automatic App-ID upgrade version number.
AzLists []string: The list of availability zones for this NGFW.
ChangeProtections []string: Enables or disables change protection for the NGFW.
DeploymentUpdateToken string: The update token.
Description string: The NGFW description.
EgressNats []GetNgfwEgressNat
EndpointMode string: Set endpoint mode from the following options. Valid values are ServiceManaged or CustomerManaged.
EndpointServiceName string: The endpoint service name.
Endpoints []GetNgfwEndpoint
FirewallId string: The Firewall ID.
GlobalRulestack string: The global rulestack for this NGFW.
Id string: The provider-assigned unique ID for this managed resource.
LinkId string: The link ID.
LinkStatus string: The link status.
MultiVpc bool: Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
Name string: The NGFW name.
PrivateAccesses []GetNgfwPrivateAccess
Rulestack string: The rulestack for this NGFW.
Statuses []GetNgfwStatus
SubnetMappings []GetNgfwSubnetMapping: Subnet mappings.
Tags map[string]string: The tags.
UpdateToken string: The update token.
UserIds []GetNgfwUserId
VpcId string: The VPC ID for the NGFW.

accountId String: The description.
allowlistAccounts List<String>: The list of allowed accounts for this NGFW.
appIdVersion String: App-ID version number.
automaticUpgradeAppIdVersion Boolean: Automatic App-ID upgrade version number.
azLists List<String>: The list of availability zones for this NGFW.
changeProtections List<String>: Enables or disables change protection for the NGFW.
deploymentUpdateToken String: The update token.
description String: The NGFW description.
egressNats List<GetNgfwEgressNat>
endpointMode String: Set endpoint mode from the following options. Valid values are ServiceManaged or CustomerManaged.
endpointServiceName String: The endpoint service name.
endpoints List<GetNgfwEndpoint>
firewallId String: The Firewall ID.
globalRulestack String: The global rulestack for this NGFW.
id String: The provider-assigned unique ID for this managed resource.
linkId String: The link ID.
linkStatus String: The link status.
multiVpc Boolean: Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
name String: The NGFW name.
privateAccesses List<GetNgfwPrivateAccess>
rulestack String: The rulestack for this NGFW.
statuses List<GetNgfwStatus>
subnetMappings List<GetNgfwSubnetMapping>: Subnet mappings.
tags Map<String,String>: The tags.
updateToken String: The update token.
userIds List<GetNgfwUserId>
vpcId String: The VPC ID for the NGFW.

accountId string: The description.
allowlistAccounts string[]: The list of allowed accounts for this NGFW.
appIdVersion string: App-ID version number.
automaticUpgradeAppIdVersion boolean: Automatic App-ID upgrade version number.
azLists string[]: The list of availability zones for this NGFW.
changeProtections string[]: Enables or disables change protection for the NGFW.
deploymentUpdateToken string: The update token.
description string: The NGFW description.
egressNats GetNgfwEgressNat[]
endpointMode string: Set endpoint mode from the following options. Valid values are ServiceManaged or CustomerManaged.
endpointServiceName string: The endpoint service name.
endpoints GetNgfwEndpoint[]
firewallId string: The Firewall ID.
globalRulestack string: The global rulestack for this NGFW.
id string: The provider-assigned unique ID for this managed resource.
linkId string: The link ID.
linkStatus string: The link status.
multiVpc boolean: Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
name string: The NGFW name.
privateAccesses GetNgfwPrivateAccess[]
rulestack string: The rulestack for this NGFW.
statuses GetNgfwStatus[]
subnetMappings GetNgfwSubnetMapping[]: Subnet mappings.
tags {[key: string]: string}: The tags.
updateToken string: The update token.
userIds GetNgfwUserId[]
vpcId string: The VPC ID for the NGFW.

account_id str: The description.
allowlist_accounts Sequence[str]: The list of allowed accounts for this NGFW.
app_id_version str: App-ID version number.
automatic_upgrade_app_id_version bool: Automatic App-ID upgrade version number.
az_lists Sequence[str]: The list of availability zones for this NGFW.
change_protections Sequence[str]: Enables or disables change protection for the NGFW.
deployment_update_token str: The update token.
description str: The NGFW description.
egress_nats Sequence[GetNgfwEgressNat]
endpoint_mode str: Set endpoint mode from the following options. Valid values are ServiceManaged or CustomerManaged.
endpoint_service_name str: The endpoint service name.
endpoints Sequence[GetNgfwEndpoint]
firewall_id str: The Firewall ID.
global_rulestack str: The global rulestack for this NGFW.
id str: The provider-assigned unique ID for this managed resource.
link_id str: The link ID.
link_status str: The link status.
multi_vpc bool: Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
name str: The NGFW name.
private_accesses Sequence[GetNgfwPrivateAccess]
rulestack str: The rulestack for this NGFW.
statuses Sequence[GetNgfwStatus]
subnet_mappings Sequence[GetNgfwSubnetMapping]: Subnet mappings.
tags Mapping[str, str]: The tags.
update_token str: The update token.
user_ids Sequence[GetNgfwUserId]
vpc_id str: The VPC ID for the NGFW.

accountId String: The description.
allowlistAccounts List<String>: The list of allowed accounts for this NGFW.
appIdVersion String: App-ID version number.
automaticUpgradeAppIdVersion Boolean: Automatic App-ID upgrade version number.
azLists List<String>: The list of availability zones for this NGFW.
changeProtections List<String>: Enables or disables change protection for the NGFW.
deploymentUpdateToken String: The update token.
description String: The NGFW description.
egressNats List<Property Map>
endpointMode String: Set endpoint mode from the following options. Valid values are ServiceManaged or CustomerManaged.
endpointServiceName String: The endpoint service name.
endpoints List<Property Map>
firewallId String: The Firewall ID.
globalRulestack String: The global rulestack for this NGFW.
id String: The provider-assigned unique ID for this managed resource.
linkId String: The link ID.
linkStatus String: The link status.
multiVpc Boolean: Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
name String: The NGFW name.
privateAccesses List<Property Map>
rulestack String: The rulestack for this NGFW.
statuses List<Property Map>
subnetMappings List<Property Map>: Subnet mappings.
tags Map<String>: The tags.
updateToken String: The update token.
userIds List<Property Map>
vpcId String: The VPC ID for the NGFW.

Supporting Types

GetNgfwEgressNat

Enabled bool: Enable egress NAT
Settings List<Pulumi.CloudNgfwAws.Inputs.GetNgfwEgressNatSetting>

Enabled bool: Enable egress NAT
Settings []GetNgfwEgressNatSetting

enabled Boolean: Enable egress NAT
settings List<GetNgfwEgressNatSetting>

enabled boolean: Enable egress NAT
settings GetNgfwEgressNatSetting[]

enabled bool: Enable egress NAT
settings Sequence[GetNgfwEgressNatSetting]

enabled Boolean: Enable egress NAT
settings List<Property Map>

GetNgfwEgressNatSetting

IpPoolType string: Set ip pool type from the following options. Valid values are AWSService or BYOIP.
IpamPoolId string: The IP pool ID

IpPoolType string: Set ip pool type from the following options. Valid values are AWSService or BYOIP.
IpamPoolId string: The IP pool ID

ipPoolType String: Set ip pool type from the following options. Valid values are AWSService or BYOIP.
ipamPoolId String: The IP pool ID

ipPoolType string: Set ip pool type from the following options. Valid values are AWSService or BYOIP.
ipamPoolId string: The IP pool ID

ip_pool_type str: Set ip pool type from the following options. Valid values are AWSService or BYOIP.
ipam_pool_id str: The IP pool ID

ipPoolType String: Set ip pool type from the following options. Valid values are AWSService or BYOIP.
ipamPoolId String: The IP pool ID

GetNgfwEndpoint

AccountId string: The account id.
EgressNatEnabled bool: Enable egress NAT
EndpointId string: Endpoint ID of the security zone
Mode string: The endpoint mode. Valid values are ServiceManaged or CustomerManaged.
Prefixes List<Pulumi.CloudNgfwAws.Inputs.GetNgfwEndpointPrefix>
RejectedReason string: The rejected reason.
Status string: The attachment status.
SubnetId string: The subnet id.
VpcId string: The vpc id.
ZoneId string: The AZ id.

AccountId string: The account id.
EgressNatEnabled bool: Enable egress NAT
EndpointId string: Endpoint ID of the security zone
Mode string: The endpoint mode. Valid values are ServiceManaged or CustomerManaged.
Prefixes []GetNgfwEndpointPrefix
RejectedReason string: The rejected reason.
Status string: The attachment status.
SubnetId string: The subnet id.
VpcId string: The vpc id.
ZoneId string: The AZ id.

accountId String: The account id.
egressNatEnabled Boolean: Enable egress NAT
endpointId String: Endpoint ID of the security zone
mode String: The endpoint mode. Valid values are ServiceManaged or CustomerManaged.
prefixes List<GetNgfwEndpointPrefix>
rejectedReason String: The rejected reason.
status String: The attachment status.
subnetId String: The subnet id.
vpcId String: The vpc id.
zoneId String: The AZ id.

accountId string: The account id.
egressNatEnabled boolean: Enable egress NAT
endpointId string: Endpoint ID of the security zone
mode string: The endpoint mode. Valid values are ServiceManaged or CustomerManaged.
prefixes GetNgfwEndpointPrefix[]
rejectedReason string: The rejected reason.
status string: The attachment status.
subnetId string: The subnet id.
vpcId string: The vpc id.
zoneId string: The AZ id.

account_id str: The account id.
egress_nat_enabled bool: Enable egress NAT
endpoint_id str: Endpoint ID of the security zone
mode str: The endpoint mode. Valid values are ServiceManaged or CustomerManaged.
prefixes Sequence[GetNgfwEndpointPrefix]
rejected_reason str: The rejected reason.
status str: The attachment status.
subnet_id str: The subnet id.
vpc_id str: The vpc id.
zone_id str: The AZ id.

accountId String: The account id.
egressNatEnabled Boolean: Enable egress NAT
endpointId String: Endpoint ID of the security zone
mode String: The endpoint mode. Valid values are ServiceManaged or CustomerManaged.
prefixes List<Property Map>
rejectedReason String: The rejected reason.
status String: The attachment status.
subnetId String: The subnet id.
vpcId String: The vpc id.
zoneId String: The AZ id.

GetNgfwEndpointPrefix

PrivatePrefixes List<Pulumi.CloudNgfwAws.Inputs.GetNgfwEndpointPrefixPrivatePrefix>

PrivatePrefixes []GetNgfwEndpointPrefixPrivatePrefix

privatePrefixes List<GetNgfwEndpointPrefixPrivatePrefix>

privatePrefixes GetNgfwEndpointPrefixPrivatePrefix[]

private_prefixes Sequence[GetNgfwEndpointPrefixPrivatePrefix]

privatePrefixes List<Property Map>

GetNgfwEndpointPrefixPrivatePrefix

Cidrs List<string>

Cidrs []string

cidrs List<String>

cidrs string[]

cidrs Sequence[str]

cidrs List<String>

GetNgfwPrivateAccess

ResourceId string: AWS ResourceID
Type string: Type of Private Access

ResourceId string: AWS ResourceID
Type string: Type of Private Access

resourceId String: AWS ResourceID
type String: Type of Private Access

resourceId string: AWS ResourceID
type string: Type of Private Access

resource_id str: AWS ResourceID
type str: Type of Private Access

resourceId String: AWS ResourceID
type String: Type of Private Access

GetNgfwStatus

DeviceRulestackCommitStatus string: The device rulestack commit status.
FailureReason string: The firewall failure reason.
FirewallStatus string: The firewall status.
RulestackStatus string: The rulestack status.

DeviceRulestackCommitStatus string: The device rulestack commit status.
FailureReason string: The firewall failure reason.
FirewallStatus string: The firewall status.
RulestackStatus string: The rulestack status.

deviceRulestackCommitStatus String: The device rulestack commit status.
failureReason String: The firewall failure reason.
firewallStatus String: The firewall status.
rulestackStatus String: The rulestack status.

deviceRulestackCommitStatus string: The device rulestack commit status.
failureReason string: The firewall failure reason.
firewallStatus string: The firewall status.
rulestackStatus string: The rulestack status.

device_rulestack_commit_status str: The device rulestack commit status.
failure_reason str: The firewall failure reason.
firewall_status str: The firewall status.
rulestack_status str: The rulestack status.

deviceRulestackCommitStatus String: The device rulestack commit status.
failureReason String: The firewall failure reason.
firewallStatus String: The firewall status.
rulestackStatus String: The rulestack status.

GetNgfwSubnetMapping

AvailabilityZone string: The availability zone, for when the endpoint mode is customer managed.
AvailabilityZoneId string: The availability zone ID, for when the endpoint mode is customer managed.
SubnetId string: The subnet id, for when the endpoint mode is service managed.

AvailabilityZone string: The availability zone, for when the endpoint mode is customer managed.
AvailabilityZoneId string: The availability zone ID, for when the endpoint mode is customer managed.
SubnetId string: The subnet id, for when the endpoint mode is service managed.

availabilityZone String: The availability zone, for when the endpoint mode is customer managed.
availabilityZoneId String: The availability zone ID, for when the endpoint mode is customer managed.
subnetId String: The subnet id, for when the endpoint mode is service managed.

availabilityZone string: The availability zone, for when the endpoint mode is customer managed.
availabilityZoneId string: The availability zone ID, for when the endpoint mode is customer managed.
subnetId string: The subnet id, for when the endpoint mode is service managed.

availability_zone str: The availability zone, for when the endpoint mode is customer managed.
availability_zone_id str: The availability zone ID, for when the endpoint mode is customer managed.
subnet_id str: The subnet id, for when the endpoint mode is service managed.

availabilityZone String: The availability zone, for when the endpoint mode is customer managed.
availabilityZoneId String: The availability zone ID, for when the endpoint mode is customer managed.
subnetId String: The subnet id, for when the endpoint mode is service managed.

GetNgfwUserId

AgentName string: Agent Name for UserID
CollectorName string: The Collector Name
CustomIncludeExcludeNetworks List<Pulumi.CloudNgfwAws.Inputs.GetNgfwUserIdCustomIncludeExcludeNetwork>: List of Custom Include Exclude Networks
Enabled bool: Enable UserID Config
Port int: The Port
SecretKeyArn string: AWS Secret Key ARN
UserIdStatus string: Status and State of UserID Configuration

AgentName string: Agent Name for UserID
CollectorName string: The Collector Name
CustomIncludeExcludeNetworks []GetNgfwUserIdCustomIncludeExcludeNetwork: List of Custom Include Exclude Networks
Enabled bool: Enable UserID Config
Port int: The Port
SecretKeyArn string: AWS Secret Key ARN
UserIdStatus string: Status and State of UserID Configuration

agentName String: Agent Name for UserID
collectorName String: The Collector Name
customIncludeExcludeNetworks List<GetNgfwUserIdCustomIncludeExcludeNetwork>: List of Custom Include Exclude Networks
enabled Boolean: Enable UserID Config
port Integer: The Port
secretKeyArn String: AWS Secret Key ARN
userIdStatus String: Status and State of UserID Configuration

agentName string: Agent Name for UserID
collectorName string: The Collector Name
customIncludeExcludeNetworks GetNgfwUserIdCustomIncludeExcludeNetwork[]: List of Custom Include Exclude Networks
enabled boolean: Enable UserID Config
port number: The Port
secretKeyArn string: AWS Secret Key ARN
userIdStatus string: Status and State of UserID Configuration

agent_name str: Agent Name for UserID
collector_name str: The Collector Name
custom_include_exclude_networks Sequence[GetNgfwUserIdCustomIncludeExcludeNetwork]: List of Custom Include Exclude Networks
enabled bool: Enable UserID Config
port int: The Port
secret_key_arn str: AWS Secret Key ARN
user_id_status str: Status and State of UserID Configuration

agentName String: Agent Name for UserID
collectorName String: The Collector Name
customIncludeExcludeNetworks List<Property Map>: List of Custom Include Exclude Networks
enabled Boolean: Enable UserID Config
port Number: The Port
secretKeyArn String: AWS Secret Key ARN
userIdStatus String: Status and State of UserID Configuration

GetNgfwUserIdCustomIncludeExcludeNetwork

DiscoveryInclude bool: Include or exclude this subnet from user-id configuration
Enabled bool: Enable this specific custom include/exclude network
Name string: Name of subnet filter
NetworkAddress string: Network IP address of the subnet filter

DiscoveryInclude bool: Include or exclude this subnet from user-id configuration
Enabled bool: Enable this specific custom include/exclude network
Name string: Name of subnet filter
NetworkAddress string: Network IP address of the subnet filter

discoveryInclude Boolean: Include or exclude this subnet from user-id configuration
enabled Boolean: Enable this specific custom include/exclude network
name String: Name of subnet filter
networkAddress String: Network IP address of the subnet filter

discoveryInclude boolean: Include or exclude this subnet from user-id configuration
enabled boolean: Enable this specific custom include/exclude network
name string: Name of subnet filter
networkAddress string: Network IP address of the subnet filter

discovery_include bool: Include or exclude this subnet from user-id configuration
enabled bool: Enable this specific custom include/exclude network
name str: Name of subnet filter
network_address str: Network IP address of the subnet filter

discoveryInclude Boolean: Include or exclude this subnet from user-id configuration
enabled Boolean: Enable this specific custom include/exclude network
name String: Name of subnet filter
networkAddress String: Network IP address of the subnet filter

Package Details

Repository: cloudngfwaws pulumi/pulumi-cloudngfwaws
License: Apache-2.0
Notes: This Pulumi package is based on the cloudngfwaws Terraform Provider.

Palo Alto Networks Cloud NGFW for AWS v1.0.0 published on Wednesday, Oct 8, 2025 by Pulumi

pulumi/pulumi-cloudngfwaws

cloudngfwaws.getNgfw

On this page

On this page

Admin Permission Type

Example Usage

Using getNgfw

getNgfw Result

Supporting Types

GetNgfwEgressNat

GetNgfwEgressNatSetting

GetNgfwEndpoint

GetNgfwEndpointPrefix

GetNgfwEndpointPrefixPrivatePrefix

GetNgfwPrivateAccess

GetNgfwStatus

GetNgfwSubnetMapping

GetNgfwUserId

GetNgfwUserIdCustomIncludeExcludeNetwork

Package Details

On this page

On this page